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TECHNICAL MEMORANDUM X-64850 


SYSTEM SAFETY CHECKLIST 
SUMMARY 


This document provides current and future program organizations 
with a broad source of safety-related design criteria and suggests 
methods for systematic and progressive application of the criteria be- 
ginning with preliminary development of design requirements and speci- 
fications. 


INTRODUCTION 


This document has been prepared to introduce potential users to 
a system safety experience retention concept which was formalized on 
the Skylab Program through the means of system safety (design criteria) 
checklists. The document contains a composite of four design series 
checklists that were issued for Skylab and reflects updated criteria 
based on Implementation of the Skylab System Safety Checklist Program. 
The criteria have been prepared and organized for application on any 
space program. The document contains over 500 design criteria state- 
ments which are applicable to a variety of flight systems, experiments 
and other payloads, and associated ground support equipment and facility 
support systems. All of the suggested criteria are not applicable to 
all space activities, if for no other reason than the fact that Skylab 
involved manned flight. However, the consideration of criteria that 
may be too stringent in some applications may provide helpful stimulus 
to the design thought process. 

The checklist will not be fully exploited unless it is used at 
the working design level during the earliest phases of development. 

It can be effectively used at more mature stages of product develop- 
ment for purposes such as support to analytical efforts, as inspection 
criteria, and to aid in identifying potential hazards during the re- 
view of design changes, but obviously with less opportunity for influ- 
encing the design with minimal cost or schedule impact. 

Recognizing the user’s obligation to shape the checklist to his 
particular needs, a summary of the background, rationale, objectives, 
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development and implementation approach , and benefits based on Skylab 
experience has been included. 


HISTORICAL BACKGROUND 


Handbooks, guideline documents, hazard catalogs, and accident- 
incident summaries which have been developed over .the past ten to 
fifteen years are valuable indicators of past performance. However, 
according to a review of accident and incident experience from a wide 
variety of aerospace sources during the Skylab Program, it was clearly 
indicated that certain types of hazards have resulted in unsafe failures, 
accidents, and incidents again and again in each new program. 

The cumulative effects of new technology creates a significant 
number of new hazards that must be identified and controlled. However, 
experience has shown that the application of new technology to the de- 
velopment of each new product represents only a small part of the safety 
problem. The majority of system safety deficiencies and resultant acci- 
dents or incidents are largely related to design and operational con- 
ditions in areas where we have ten or more years experience. During 
Skylab, even with increased emphasis on the performance of Failure Mode 
and Effect Analyses (FMEA) , System Logic Analysis, Sneak Circuit Analy- 
sis and many other forms of hazard analysis, a remaining management 
concern existed in the area of recurrence control of proven accident 
causes * Thus, an improved technique for the effective application of 
safety-related experience from previous programs was sought. 

Some of the factors considered during initial studies to develop 
such a technique, which were also based on prior program experiences, 
are as follows: 

1. Corrective action implies that something was not done prop- 
erly the first time. Finding this out after the accident or failure 
occurs can be far more costly than the early identification of condi- 
tions which can lead to unsafe failures , equipment damage or personnel 
injury and correct them before they cause losses or casualties. Fur- 
thermore, the earlier in time that hazardous conditions are identified, 
the less they will cost to eliminate or reduce to an acceptable level. 

The factors of cost and schedule have a greater influence on decisions 
once designs are released and manufacturing and testing have started. 
This results in the tendency to apply procedural controls or rely on 
individual knowledge or awareness to control potential hazards in order 
to minimize design changes. 
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2. The responsibility for hazard identification and control has 
historically been inherent in the role of design engineering, reliabil- 
ity, quality assurance, and other disciplines. Nevertheless, there has 
been a limited understanding of the system safety aspects of a program 
by the various engineering, production, and operations personnel at all 
organizational levels throughout the industry. 

3. Cost constraints have limited the development of large safety 
organizations at the individual program level. Further, assigned safety 
personnel have had limited multidiscipline experience. 

4. There has been a recognized limitation of safety personnel 

to Influence product design. Some of the contributing factors identi- 
fied were: late assignment to a program, late completion of hazard 

analyses for designs reaching a production phase, and a limited number 
of safety personnel in combination with safety engineering time spent 
in developing plans, procedures, and techniques required to implement 
specified program level safety requirements. 

Because such factors, either singly or in combination, have 
varied with programs, contractors, and contracting organizations no 
universal solution was apparent. However, the need for a technique 
to increase the effectiveness of existing safety personnel through all 
organizations responsible for product development was evident- It was 
also recognized that to be effective such a technique would have to be 
relatively simple and compatible with established policies, procedures, 
and practices of many disciplines within a wide variety of product de- 
velopment organizations. 


A. Basic Objectives 


The basic objectives of the techniques developed for Skylab were: 

1. Determine the actual status of Skylab design features or 
operational conditions that could result in systems failure, equipment 
damage, or personnel Injury. 

2. Establish a systematic hazard identification and assessment 
program to supplement existing analytical efforts such as IKEA's, sneak 
circuit analysis, hazard analyses, etc. 

t 

3. Establish an approach to assess existing Skylab designs and 
operational conditions, using a broad combination of the retained safety- 
related experience from the aerospace industry as criteria. 

4. Provide a method to ensure effective implementation and visi- 
bility to management of results. 
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According to the previously mentioned reviews of accident and 
incident experiences, inadequacy of overpressure relief protection has 
historically been a factor in equipment loss or damage* Although relief 
devices have been installed to protect against overpressurization from 
such causes as regulator failure or human error, they have in many cases 
failed to do so* They have been found to be undersized with respect to 
the maximum flow capacity of an upstream failed-open regulator, improp- 
erly set with respect to protection for the end product being pressur- 
ized, and inhibited by caps, plugs, or valves. This single condition 
(improper sizing of relief devices) is an example of many conditions 
that were of concern to Skylab management. 

Initially, techniques to improve analytical methods for hazard 
identification were considered. Cost, limited numbers and experience 
of analysts, complexity of techniques, differences in established 
management practices within government agencies and contractor organi- 
zations, and the most important factor of time would not permit devel- 
opment and implementation of additional analytical methods. It was 
recognized, however, that a logical tool that could be applied to all 
existing analytical methods to assist in the identification of hazards 
is a checklist — specifically, a checklist based on tests, field opera- 
ting experience, and accident history. From this basic thought and in 
recognition of the first three stated objectives the Skylab System 
Safety Checklist Program evolved. 

It was recognized that safety program performance based on con- 
ventional indicators such as accident frequency, severity, or lost 
time would not be sufficient to the achievement of the fourth objective. 
The primary concern on Skylab was accident prevention with emphasis 
on recurrence control. Therefore, it was decided that a method to 
determine effectiveness would be based on potential hazards identified 
and actions taken to eliminate or control known accident or incident 
causes * 


B. Checklist Development and Implementation Approach 


At the time of initial development of the Skylab checklist con- 
cept the Skylab Program was in the later stages of development. For 
this reason, a more progressive total program concept was modified for 
Skylab application. A safety review of the entire Skylab Cluster and 
an assessment of the adequacy of protection for flight systems from 
ground support equipment (GSE) was to be performed as part of a Systems/ 
Operations Compatibility Review preparatory to the Design Certification 
Review (DCR) . 
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Four system safety checklists were developed using a broad com- 
bination of documents such as those shown in Table 1. 

Table 1, Typical Source Data for Checklist Development 


SKYLAB SYSTEM SAFETY CHECKLIST PROGRAM 


MANNED SPACE PROGRAMS ACCIDENT/INCIDENT SUMMARIES 

NASA, DIR OF SAFETY, MARCH 1970 

SYSTEM SAFETY ACC I DENT/ 1 NCI DENT SUMMARY 

NAR, SPACE DIV. JULY 1967 


AIR FORCE EASTERN TEST RANGE SAFETY MANUAL, VOL, I 

AFETRM 127-1, JANUARY 1, 1969 

MINUTES, SYSTEM SAFETY NETWORK TECHNICAL 
INTERCHANGE MEETINGS 



SPACE FLIGHT HAZARDS CATALOG 

MSC 00134, REV. A. JANUARY 

1970 

MANAGEMENT MANUAL TECHNICAL INFORMATION BULLETINS 

MSC-M8081 . JANUARY 1970 


SPACE FLIGHT HARDWARE ACCIDENT EXPERIENCE REPORT 

MSFC . OCTOBER 14, 1966 


APOLLO 14 SAFETY ASSESSMENT 

MSC-SN-1 -174-10. DECEMBER 

2, 1970 

AIR FORCE SYSTEMS COMMAND DESIGN HANDBOOK, 
SERIES 1-0 

DH 1-6. JULY 20, 1968 
REV. JULY 20, 1970 


REPORT OF APOLLO 204 REVIEW BOARD... ALL APPENDICES 

APRIL 5, 1967 


REPORT OF APOLLO 13 REVIEW BOARD... ALL APPENDICES 

JUNE 16, 1970 


MANNED SPACECRAFT CRITERIA AND STANDARDS 

MSCM 8080, APRIL 26, 1971 



The approach selected for checklist development was to convert 
accident and incident data into positive design criteria statements 
which were specifically tailored to assess the hardware systems and 
equipment indicated by the following general titles: 

1. Ground Support Equipment Design (SA-G03-001-2H, July 1971), 

2. Flight Systems Design (SA-003-002-2H, November 1971), 

3. Experiment Systems Design (SA-003-003-2H, November 1971), 

4. Experiment Ground Support Equipment Design (SA-003-004-2H, 
November 1971) . 

The approach selected for checklist implementation was to allow 
Skylab design organizations to assess that hardware for which they were 
responsible at the time the checklist was issued. This approach per- 
mitted the most rapid and accurate safety assessment of the Skylab 
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hardware by using the personnel most knowledgeable of the design details 
— the design engineers. In addition, a system for receipt, review, 
evaluation, follow-up with design organizations, statusing, and tracking 
of potential problems and actions taken was developed concurrently with 
checklist development and issuance. 

Each Skylab system safety checklist document was issued with 
separate instructions for completion. The checklists were issued by 
MSEC, Skylab Program management ". . . to provide an independent assess- 
ment of Skylab hardware, to be doubly sure that crew safety and the 
accomplishment of primary mission objectives will not be compromised. 

The principle of 'experience retention' has been applied to the devel- 
opment of the checklists, which are based on the safety- related experi- 
ences from many sources in the aerospace community, in both industry 
and Government." 

The checklist format, as shown in Figure 1, with sample criteria 
statements applicable to GSE design, was unique in both the manner in 
which it was written and the manner in which it was intended to be used. 
The intent was to provide actual status of design features. Therefore, 
such common terms as "critical," "high pressure," "low pressure," "high 
voltage," and "shall be avoided" were not used. Words of this type 
could have led to ambiguity and might have been subject to differences 
of opinion. The format was designed to accommodate a specific procedure 
for completion and standardized processing of the checklists at MSFC. 

The procedure was developed to attain the stated checklist program ob- 
jectives. The basic procedure for completion and return is outlined as 
follows : 

1. Checklists were intended for use by each design element having 
responsibility for an end item or subsystem. 

2. Columns were to be marked based on actual conditions of de- 
sign, regardless of what may have been required in the design specifi- 
cation. 


3. "Noncompliance" or "Not Applicable" responses required a 
statement on a supplemental status form describing and justifying the 
existing conditions, or describing the alternate method by which the 
intent of the stated criterion had been met. The checklist statements 
were meant to be taken literally, i.e,, compliance with the intent was 
not cause for marking the compliance column. 

4. Completed checklists were to be signed and returned to the 
issuing organization for review, evaluation and statusing. 
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ITEM 

NUMBER 


SYSTEM SAFETY CHECKLIST 


TITLE: 


SECTION/TITLE: 


DATE: 


SYSTEM/SUBSYSTEM: 


ORGANIZATION: 


Adjacent or incompatible system connectors or flanged 
connections shall be keyed or sized so it is physi- 
cally impossible to connect an incompatible pressure 
unit, commodity or pressure level. 

Pressure relief valves and relief vent lines shall 
be sized to exceed the maximum flow capacity of the 
upstream pressure regulating device. 

Shutoff valves shall not be installed in series with 
relief valves unless a burst disc or other positive 
relief device is installed in parallel. 



All adjacent connectors shall be shaped or restrained 
so that they are physically impossible to mismate. 

Connectors with unkeyed symmetrical pin arrangements 
shall not be used. 

Overload protection devices shall be sized (or set) 
so that the combination of current and time at which 
the device operates will not cause the operation of 
upstream protective devices. 




Figure 1: TYPICAL FORMAT AND SAMPLE CRITERIA - 

GROUND SUPPORT EQUIPMENT DESIGN 


7 


NON- 

COMPLIANCE 

NOT 
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C. Ground Rules for Checklist Program Implementation 


Ground rules for contractual action control, approval cycles, 
release procedures, tracking of problem-action summaries, etc., were 
as follows : 


1* Checklists would neither impose requirements on the designs 
nor, in themselves, authorize or recommend design changes. 

2. Checklists would be released by appropriate MSFC project 
offices. 

3. Upon receipt of returned checklists by project offices, 
copies would be submitted to the Skylab Test, Reliability, Quality 
Assurance and Safety Office (SL-TQ) for review, evaluation, and status- 
ing. 


4. Processing by SL-TQ would include the preparation of problem- 
action summaries which would be submitted to appropriate management for 
further investigation or corrective action. A special task team was 
established by the Skylab Program Office to assist in uniform problem 
verification, follow-up with design organizations, and to recommend or 
initiate corrective actions as appropriate * 

5. Problem- act ion summaries would be tracked until closed by 
MSFC or contractor action. In other words, tracked until a design 
change was approved and incorporated or the disposition and rationale 
for risk acceptance was approved by program management. 

6. Constraint inputs to plans, procedures, and operations 
(flight and ground, to include tests, handling, transportation and 
storage) would be developed based on hazards identified and residual 
risks which management deemed acceptable. 


D. Benefits of Checklist Technique 


This self-assessment checklist technique and the broad-based 
systematic application of checklists, in combination with the evaluation 
and corrective action system, resulted in the following: 

1. Demonstration that if experience retention information is 
brought to the attention of the designer in a direct manner, he will 
apply it. Oversights in new designs and in converting equipment from 
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previous programs to new uses on Skylab were identified and corrected . 
Many of these actions were initiated by the responsible design groups 
during checklist completion prior to checklist return to MSFC. "Non- 
compliance" columns were marked and the actions that were in process 
to correct deficiencies were stated in the supplemental rationale. 

2. Provided a method for coordinating the efforts of many gov- 
ernment and contractor organizations from a systems safety point of 
view. Detailed reviews of management controls, processes, and opera- 
ting procedures resulted from questions brought out by evaluation 
efforts. These reviews considered such factors as controls to prevent 
installation of components in reverse, controls to ensure application 
of proper torque values, verification of pressure regulator and flow 
control device settings, verification of cleanliness levels of GSE 
prior to use with flight hardware, and inspection of connectors for 
bent pins, foreign objects, or contamination prior to mating. 

3. Extended the capability of a small group of system safety 
specialists to permit a program-wide safety assessment through engi- 
neering organizations responsible for hardware development. Names and 
department numbers of individual engineers who had completed each 
checklist section were submitted to MSFC with each checklist. Rapid 
response was provided by telephone to questions arising during the 
evaluation process. Copies of detailed drawings or procedures were 
submitted upon request as required to process potential problem-action 
summaries. The use of existing design groups minimized the develop- 
ment and continuous maintenance (changes) of detail design schematics 
at the component, subassembly, or subsystem level by the system safety 
evaluation group. Design changes occurring after initial checklist 
submittal were reviewed against checklist criteria by the design group 
responsible for the change. Supplemental status sheets were submitted 
to the safety evaluation group for changed items. This supplemental 
status was reviewed for impact against previously baselined safety 
checklist status for the equipment. 

« 

4. Provided management with visibility of results. Centralized 
processing of completed checklists and a coordinated corrective action 
system provided a focal point for overall checklist program status. 
Comparisons between checklists for flight and ground equipment used in 
combination resulted in the identification and resolution of potential 
hazards not recognized at the individual equipment level. Significant 
risks were immediately brought to the attention of the responsible de- 
sign organization for confirmation and corrective action recommenda- 
tions. Potential problems were resolved through Configuration Change 
(Review) Board action. Skylab system safety checklist program status 
reviews were included as part of periodic MSFC Skylab Program Manage- 
ment Reviews. In addition, checklist status was included as a special 
subject within Reliability and Safety portions of the DCR, both at the 
individual prime contractor level and at the overall Skylab level. 
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E. Conclusions Based on Skylab Experience 


The basic concept for progressive total program application of 
system safety checklists can be effectively implemented on any program, 
subsystem, or product of any size of complexity, A master set of check- 
lists can be developed from this initial baseline document and from which 
applicable sections or criteria statements can be selected to fit a given 
discipline, product, or program. This approach would minimize continual 
redevelopment efforts on each program or for each product. However, the 
need to select and tailor the criteria to the specific product, opera- 
tion, or program is essential to the achievement of the stated objectives. 

In addition to the benefits previously described, the disciplined 
approach provided by this checklist technique will provide the following: 

1. Assists all disciplines in the application of safety-related 
experience. 

2. Provides educational benefits to all disciplines and helps 
to prevent oversights by bringing attention to many of the conditions 
which have contributed to accidents, incidents, or failures in the past. 

3. Provides a systematic method to identify hazards which can be 
used independently or in support of more sophisticated hazard analysis 
methods. 


SUGGESTIONS FOR FUTURE PROGRAM APPLICATION 


The composite system safety checklist (parts I and II contained 
herein) can be applied by the following methods. 

1. Direct incorporation of criteria statements into design spe- 
cifications, This approach would provide visibility of "noncompliance" 
items and alternate methods by which the intent has been met through a 
standard configuration management process (e.g., waiver or deviation 
requests and subsequent risk decisions). 

2. The addition of two additional columns on a form similar to 
that used on Skylab (see Figure 1) could be used for programs in the 
very early phases of development (i.e., prior to the Preliminary Re- 
quirements Review or Preliminary Design Review). The additional columns 
could be used for "Design Will Comply" and "Design Will Not Comply." 
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In cases where the "Noncompliance" column is marked in addition to 
"Design Will Comply," no supplemental rationale would be required. At 
such time as the design is changed to meet the criteria, the status 
would be changed. If no additional visibility is provided during 
periods between milestone reviews or preferably a lesser but reasonable 
period of time, the item being tracked could be investigated further. 

3. The approach used on Skylab could be effectively implemented 
for program phases such as during detail design prior to the Critical 
Design Review or Design Certification Review. 

4. The checklist technique described could also be used as a 
supplement to the review of all design changes. Overall system safety 
status could then be maintained throughout the program. This status 
could be reviewed as part of major milestone reviews and provide a con- 
tinuous source of information for the progressive development of hazard 
summaries or catalogs. This information could also become input data 
to (or be combined with) a critical items list. Thus, increased confi- 
dence could be obtained in the late phases of a program, such as during 
a Design Certification Review or Flight Readiness Review, as to the 
residual risks associated with the product and its intended use. 

Recognizing the users obligation to shape the checklist appli- 
cation technique to his particular needs, it is important to note that 
a criteria statement marked "noncompliance" would not in all cases indi- 
cate a hazardous condition. Alternate methods within the design may 
accomplish the same intent. The evaluation of completed checklists for 
independent hardware end items should consider equipment used in com- 
bination to accomplish a specific operation. Interfacing systems or 
equipment may complement each other or create systems-level hazards. 

The visibility afforded by completed checklists could allow these deter- 
minations to be made. The evaluation of criteria statements in combina- 
tion within a single checklist could be used to produce a safety profile 
of the product or equipment being assessed. Similarly, the evaluation 
of multiple checklists for equipment used in combination to accomplish 
a test or similar function can be used to produce a system safety pro- 
file. — ‘ — 3 


Amplifying a previous example, a pressurization console may not 
incorporate built-in relief protection but the interfacing system in an 
upstream facility may provide adequate console protection. A flight 
pressure vessel which is to become a component part of a larger system, 
on the other hand, may not have built-in relief protection and may be 
vulnerable to loss during component level test. Multipurpose test 
facilities and consoles may incorporate adequate self-protection as a 
system but may not protect the equipment under test. This can happen 
where various organizations or contractors are involved in designing 
equipment and subsystems. System safety checklists can be used as an 
aid in assessing the safety aspects of an integrated system for all 
planned operational configurations. 
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SYSTEM SAFETY CHECKLIST - PART I 
FLIGHT SYSTEMS AND EXPERIMENT HARDWARE DESIGN 
SECTION: 1.0 SYSTEMS CRITERIA 


1.1 ELECTRICAL POWER SYSTEMS 

1. DC RETURNS SHALL NOT EE DISCONNECTED OR ISOLATED FROM THE SINGLE 
POINT GROUND CONNECTION TO THE SPACECRAFT STRUCTURE DURING ANY 
MODE OF SYSTEM, EXPERIMENT OR OTHER PAYLOAD OPERATION. 

2. MODULE, EXPERIMENT AND OTHER PAYLOAD MATING SURFACES SHALL BE 
ELECTRICALLY BONDED SO THAT A FAULT CURRENT (BASED ON MAXIMUM 
SHORT CIRCUIT CURRENT THAT MAY RESULT FROM AVAILABLE POWER WITH- 
IN INDIVIDUAL EQUIPMENT) MAY BE SAFELY RETURNED FROM ANY POINT 
ON THE STRUCTURE OF THE MODULE, EXPERIMENT OR OTHER PAYLOAD TO 
THE SPACECRAFT SINGLE POINT GROUND. 

3. THE ELECTRICAL POWER SYSTEM SHALL INCLUDE THE CAPABILITY TO 
ISOLATE EACH LOAD INDEPENDENTLY FROM THE POWER SOURCE TO PERMIT 
LOAD SELECTION DURING EMERGENCY CONDITIONS. 

4. REDUNDANT POWER DISTRIBUTION BUSES SHALL NOT BE ROUTED THROUGH 
THE SAME CONNECTOR. 

1.2 ENVIRONMENTAL AND THERMAL CONTROL SYSTEMS 

5. MEANS SHALL BE PROVIDED FOR THE CREW AND BY GROUND COMMAND TO 
OVERRIDE THE AUTOMATIC ENVIRONMENTAL CONTROL SYSTEM. 

6. MEANS SHALL BE PROVIDED FOR THE CREW AND BY GROUND COMMAND TO 
OVERRIDE THE AUTOMATIC ACTIVE THERMAL CONTROL SYSTEM. 

7. REDUNDANT OXYGEN AND COOLANT WATER SUPPLY CONNECTIONS SHALL BE 
PROVIDED AT EVA STATIONS. 

8. THE OXYGEN SYSTEM SHALL HAVE REDUNDANT LINES AND ISOLATION 
VALVES TO CONNECT OXYGEN STORAGE BOTTLES TO THE OXYGEN PRESSURE 
REGULATION SUBSYSTEM (COMPONENTS) TO ENSURE THAT A LEAK IN A 
SINGLE OXYGEN LINE WOULD NOT RESULT IN A LOSS OF THE TOTAL 
OXYGEN SUPPLY. 

9. THE NITROGEN SYSTEM SHALL HAVE REDUNDANT LINES AND ISOLATION 
VALVES TO CONNECT NITROGEN STORAGE BOTTLES TO THE NITROGEN PRES- 
SURE REGULATION SUBSYSTEM (COMPONENTS) TO ENSURE THAT A LEAK IN 
A SINGLE NITROGEN LINE WOULD NOT RESULT IN A LOSS OF THE TOTAL 
NITROGEN SUPPLY. 


PRECEDING PAGE BLANK NOT FILMED 
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SYSTEM SAFETY CHECKLIST - PART I 
FLIGHT SYSTEMS AND EXPERIMENT HARDWARE DESIGN 
SECTION: 1 .0 SYSTEMS CRITERIA 

10. THE SPACECRAFT HABITABLE ENVIRONMENT (E.G. , CABIN, LABORATORY, 
ETC.) VENTING SYSTEM SHALL NOT VENT THROUGH OUTLETS THAT ARE 
USED TO VENT OTHER LIQUIDS OR GASES. 

11. THE SPACECRAFT HABITABLE ENVIRONMENT RELIEF VALVE (S) AND OTHER 
VENTING DEVICES SHALL PROVIDE AN AUDIBLE AND VISUAL INDICATION 
WHEN NOT FULLY SEATED. 

12. DEVICES WITH REPLACEABLE OR CLEANABLE ELEMENTS SHALL BE PRO- 
VIDED TO REMOVE PARTICULATE MATTER FROM THE HABITABLE 
ENVIRONMENT. 

1.3 CAUTION AND WARNING (C&W) TYPE SYSTEMS 

(E.G. , HAZARD OR EMERGENCY DETECTION SYSTEMS) 

13. EACH PARAMETER MONITORED BY THE CAUTION AND WARNING SYSTEM SHALL 
BE TELEMETERED TO THE GROUND UPON SENSING AN OUT-OF-TOLERANCE 
CONDITION. 

14. ALL C&W SYSTEM SENSORS SHALL FAIL IN SUCH A MANNER THAT A SIGNAL 
INPUT WILL BE INITIATED TO THE C&W SYSTEM, RESULTING' IN AN ALARM. 

15. ALL SENSORS FOR ALL PARAMETERS MONITORED BY THE C&W SYSTEM SHALL 
BE INDEPENDENTLY POWERED BY THE C&W SYSTEM TO PREVENT LOSS OF 
HAZARD INDICATION DUE TO POWER FAILURE OF A MONITORED SYSTEM. 

16. END-TO-END IN-FLIGHT CHECKOUT CAPABILITY SHALL BE PROVIDED FOR 
EACH SUBSYSTEM SECTION OF THE C&W SYSTEM INCLUDING THE CAPA- 
BILITY TO TEST EACH SENSOR OPERATION. 

17. THE C&W SYSTEM SHALL MONITOR ITS OWN PERFORMANCE AND ALERT THE 
CREW TO OUT-OF-LIMIT CONDITIONS, INCLUDING LOSS OF PRIMARY 
POWER. 

18. THE C&W SYSTEM AUDIO TONES SHALL NOT BE ROUTED TO EVA CREWMEN, 

IF A CREW MEMBER IS ON WATCH INSIDE THE SPACECRAFT. 

19. ALL C&W SYSTEM AUDIO TONE (LEVEL) CONTROLS SHALL BE DESIGNED 
SUCH THAT THE TONE IS STILL AUDIBLE AT THE MINIMUM CONTROL 

. SETTING. 
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SYSTEM SAFETY CHECKLIST - PART I 
FLIGHT SYSTEMS AND EXPERIMENT HARDWARE DESIGN 
SECTION: 1.0 SYSTEMS CRITERIA 


1.3 CAUTION AND WARNING (C&W) TYPE SYSTEMS (Cont.) 

20. | THE OPERATION OF ANY SWITCH THAT WOULD DISABLE AN EMERGENCY OR 
WARNING SUBSYSTEM TONE GENERATOR OR SPEAKER BOX(ES) SHALL GEN- 
ERATE A TELEMETRY SIGNAL TO THE GROUND IN ORDER TO PROTECT 
AGAINST INADVERTENT OPERATION OR FAILURE OF THE SWITCH FROM 
DEGRADING THE C&W SYSTEM CAPABILITY TO SOUND AN AUDIBLE ALARM. 

21. | AN INHIBIT SWITCH SHALL BE PROVIDED IN EACH SENSOR CIRCUIT TO 
ALLOW ISOLATION OF A SINGLE MALFUNCTIONING SENSOR AND PERMIT 
NORMAL OPERATION OF ALL OTHER REMAINING SENSING UNITS. 

22. | THE CAPABILITY SHALL BE PROVIDED TO TRANSMIT A "CREW ALERT" FROM 
A GROUND COMMAND IN ORDER TO INITIATE A WARNING THROUGH THE C&W 
SYSTEM. 

23. i ALL SENSORS USED FOR INPUTS TO SYSTEMS OTHER THAN C&W, WHICH ARE 
ALSO USED BY THE C&W SYSTEM, SHALL BE ISOLATED SUCH THAT A 
FAILURE IN THE OTHER SYSTEM WILL NOT AFFECT THE CAUTION AND 
WARNING SYSTEM. 

24. | FIRE SENSORS (DETECTORS) SHALL BE LOCATED TO PROVIDE COVERAGE OF 
ALL HABITABLE AREAS OF THE SPACECRAFT. 


1.4 ATTITUDE AND POINTING CONTROL TYPE SYSTEMS (APCS) 
(E.G., GUIDANCE, NAVIGATION, FLIGHT CONTROLS) 


25.| GYROSCOPE INSTALLATIONS USED FOR GUIDANCE, STABILIZATION AND 
CONTROL OR SIMILAR APPLICATIONS SHALL INCLUDE PROVISIONS FOR 
VERIFICATION BY GROUND CONTROL AND THE FLIGHT CREW THAT GYRO 
ROTATIONAL SPEED IS WITHIN LIMITS. 


26. | ALL ATTITUDE AND POINTING CONTROL GYROS SHALL ACTUATE ALARMS 

WHEN THE GYROS ARE IN OPERATIONAL USE BUT NOT OPERATING WITHIN 
THE SPECIFIED RANGE OF ROTATIONAL SPEED. 


1.4.1 THRUSTER TYPE ATTITUDE CONTROL SYSTEMS (ACS) 

27. THE ACS SHALL BE CAPABLE OF ISOLATING OR INTERRUPTING THE COM- 
MAND TO EACH THRUSTER CONTROL VALVE IN ORDER TO PROTECT AGAINST 
INADVERTENT COMMANDS OR A STUCK OPEN THRUSTER. 

28. AN INTERLOCK SHALL BE PROVIDED TO PRECLUDE OPERATION OF THE ACS 
THRUSTERS DURING EVA. 
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SYSTEM SAFETY CHECKLIST - PART I 
FLIGHT SYSTEMS AND EXPERIMENT HARDWARE DESIGN 
SECTION: 1.0 SYSTEMS CRITERIA 

1.4.1 THRUSTER TYPE ATTITUDE CONTROL SYSTEMS (ACS) 

29. THERE SHALL BE GROUND COMMAND CAPABILITY TO INHIBIT THE IMPULSE 
OF THE ACS THRUSTERS. 

1.5 CREW ACCOMMODATIONS 

30. A SELF-CONTAINED, PORTABLE BREATHING OXYGEN SYSTEM SHALL BE PRO- 
VIDED FOR EACH ASTRONAUT FOR USE DURING EMERGENCY CONDITIONS. 

31. A FIRE EXTINGUISHER (S) SHALL BE PROVIDED IN EACH MODULE AND 
CREW COMPARTMENT. 

32. CREW ACCOMMODATIONS, INCLUDING SLEEPING ACCOMMODATIONS, SHALL BE 
DESIGNED AND LOCATED SUCH THAT INVOLUNTARY MOVEMENTS OF CREWMEN 
SHALL NOT ACTUATE EQUIPMENT. 

33. EAR PROTECTIVE DEVICES SHALL BE PROVIDED WHICH ARE DESIGNED 
SOLELY TO PREVENT INJURY TO THE EAR FROM EXCESSIVE NOISE LEVELS 
AND SHALL BE IN ADDITION TO DEVICES WHICH ARE USED FOR ANOTHER 
PURPOSE, SUCH AS A COMMUNICATIONS HEADSET. 

34. ALL RESTRAINING DEVICES, CABLE OR WIRING HARNESSES AND UMBILI- 
CALS WHICH MAY RESTRAIN A HUMAN OPERATOR OR TEST SUBJECT SHALL 
INCLUDE QUICK DISCONNECT OR RAPID RELEASE DEVICES TO FREE THE 
OPERATOR OR SUBJECT UNDER ADVERSE CONDITIONS. 

35. ALL QUICK DISCONNECT OR RAPID RELEASE MECHANISMS USED TO FREE A 
HUMAN OPERATOR OR TEST SUBJECT FROM ANY RESTRAINING DEVICE, 

CABLE, WIRING HARNESS OR UMBILICAL SHALL AUTOMATICALLY REMOVE 
POWER OR RENDER INOPERATIVE ALL EQUIPMENT ACTING UPON OR USED 
BY THE TEST SUBJECT OR OPERATOR FOR ALL MODES OF EQUIPMENT 
OPERATION. 

1.6 EXPERIMENT AND OTHER PAYLOAD HARDWARE ACCOMMODATIONS 

1.6.1 GENERAL 

36. ROTATIONAL EQUIPMENT WITHIN ENCLOSURES REQUIRING PERIODIC ACCESS, 
SUCH AS MOTOR DRIVEN CANISTERS CONTAINING PHOTOGRAPHIC EQUIPMENT 
OR TELESCOPES, SHALL BE PROVIDED WITH A POSITIVE MANUAL LOCKING 
DEVICE, ACCESS DOOR INTERLOCK WITH DRIVE MECHANISMS OR SIMILAR 
CREW PROTECTION IN ORDER TO PREVENT EQUIPMENT ROTATION DURING 
PERIODS REQUIRING CREW ACCESS, SUCH AS DURING FILM RETRIEVAL AND 
REPLACEMENT ACTIVITIES. 
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SYSTEM SAFETY CHECKLIST - PART I 

FLIGHT SYSTEMS AND EXPERIMENT HARDWARE DESIGN 

SECTION: 1.0 SYSTEMS CRITERIA 

1.6.1 GENERAL (Cont.) 

37. CAPABILITY SHALL BE PROVIDED TO REMOVE ELECTRICAL POWER FROM 
EACH EXPERIMENT INTERFACE WITHOUT AFFECTING THE OPERATION OF 
OTHER EXPERIMENTS OR SYSTEMS. 

38. VIEWFINDERS AND SIMILAR CREW OPERATED SIGHTING EQUIPMENT SHALL 
INCORPORATE FILTERS OR AUTOMATIC APERTURE CONTROLS THAT WILL 
LIMIT THE AMOUNT AND TYPE OF LIGHT SEEN BY A CREWMAN. 

39. THERE SHALL BE A DISPLAY DEVICE TO INDICATE TO THE CREW THE 
OPEN POSITION OF ANY EXTERNAL DOOR OVER A WINDOW IN THE SPACE- 
CRAFT STRUCTURE WHICH IS USED BY AN EXPERIMENT AND WHICH MAY BE 
OBSTRUCTED FROM VIEW BY THE INSTALLED EXPERIMENT (DIRECT MECHANI- 
CAL LINKAGE WITH NO ELECTRICAL INTERFACE PREFERRED). 

40. ALL EQUIPMENT USING A SINGLE PANE WINDOW IN THE SPACECRAFT 
STRUCTURE SHALL BE SEALED AGAINST THE SPACECRAFT STRUCTURE AND 
SHALL BE CAPABLE OF WITHSTANDING 4.0 TIMES THE DIFFERENTIAL 
PRESSURE ACROSS THE SPACECRAFT SHELL IN ORDER TO PROTECT AGAINST 
RAPID DEPRESSURIZATION OF THE SPACECRAFT IN THE EVENT OF LOSS 

OF SPACECRAFT WINDOW INTEGRITY. 

1.6.2 MEDICAL EQUIPMENT AND EXPERIMENTS 

41. ELECTRICAL SHOCK PROTECTION CIRCUITS IN ALL EQUIPMENT INCOR- 
PORATING PROBES, SENSORS AND SIMILAR DEVICES THAT ARE ATTACHED 
TO A CREWMAN OR TEST SUBJECT SHALL BE DESIGNED TO REMOVE THE 
INPUT POWER TO THE EQUIPMENT WHEN A CURRENT LEVEL OF 100 MICRO- 
AMPERES IS SENSED. 

42. ELECTRICAL SHOCK PROTECTION CIRCUITS SHALL BE TOTALLY REDUNDANT 
TO INSURE CREW PROTECTION IN THE EVENT OF PRIMARY SHOCK PROTEC- 
TION CIRCUIT FAILURE. 

43. VALVES OR SIMILAR COMPONENTS THAT COULD BE OPERATED OUT-OF- 
SEQUENCE SO THAT FLAMMABLE OR TOXIC FLUIDS COULD BE INTRODUCED 
INTO THE HABITABLE AREAS OF THE SPACECRAFT SHALL BE PROVIDED 
WITH INTERLOCKS TO PREVENT SUCH OPERATION. 

44. ANY EQUIPMENT WHICH SUPPLIES A GAS TO BE INHALED BY A CREWMAN 
SHALL INCLUDE A FILTER AS THE LAST COMPONENT BEFORE THE POINT OF 
INHALATION. 
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SYSTEM SAFETY CHECKLIST - PART I 
FLIGHT SYSTEMS AND EXPERIMENT HARDWARE DESIGN 
SECTION: 1.0 SYSTEMS CRITERIA 


1.6.2 MEDICAL EQUIPMENT AND EXPERIMENTS (Cont.) 

45. ASTRONAUT RESTRAINTS, SHOES, SEAT AND HANDLEBARS USED ON ERGOM- 
ETERS AND COMPONENTS OF SIMILAR EQUIPMENT THAT MAY BE USED IN 
CONJUNCTION WITH ELECTRONIC SENSING DEVICES, SUCH AS A VECTOR- 
CARDIOGRAPH (VCG) , SHALL BE ELECTRICALLY INSULATED TO PREVENT A 
PARALLEL ELECTRICAL PATH WHICH COULD AFFECT THE INSTRUMENTATION. 

46. ALL ELECTRODES AND FLEXIBLE TUBING UTILIZED IN MEDICAL EXPERI- 
MENTS SHALL BE STRUCTURALLY CAPABLE OF WITHSTANDING DECOMPRES- 
SION AND RECOMPRESSION OF THE SPACECRAFT WITHOUT DAMAGE. 

47. ALL MEDICAL EQUIPMENT TO BE PLACED AT THE ENTRANCE TO OR WITHIN 
A BODY OPENING OF A SUBJECT DURING FLIGHT SHALL BE STERILIZED 
AND INDIVIDUALLY PACKAGED. 

1.6.3 SCIENTIFIC AIRLOCK (SAL) AND EVA TYPE EQUIPMENT 

48. BASE SUPPORTS, BRACES, BUMPERS OR SIMILAR PROVISIONS SHALL BE 
DESIGNED TO LIMIT THE MOVEMENT OF ANY CANTILEVERED SAL MOUNTED 
EQUIPMENT SO THAT THE DESIGN LOAD LIMITS OF THE SAL ATTACH 
POINTS WILL NOT BE EXCEEDED DUE TO INADVERTENT IMPACT. 

49. ALL HANDLES USED FOR JETTISON OF EQUIPMENT EXTENDED THROUGH A 
SCIENTIFIC AIRLOCK (SAL) SHALL HAVE GUARDS, COVERS OR SIMILAR 
PROTECTION AGAINST INADVERTENT ACTUATION. 

50. THERE SHALL BE A VISUAL INDICATING DEVICE TO SHOW THAT A MECH- 

: ANISM USED TO EXTEND EQUIPMENT EXTERNAL TO THE HABITABLE SPACE- 

CRAFT AREA IS FULLY EXTENDED OR RETRACTED. 

51. BOOMS REQUIRING EXTENSION BY THE USE OF EXTENSION ROD SEGMENTS 
SHALL HAVE SAFETY LATCHES WHICH AT ALL TIMES PREVENT INADVERTENT 
EJECTION OF EQUIPMENT DURING ASSEMBLY OF THE BOOM EXTENSION ROD. 

52. BOOMS PROVIDING EXTENSION THROUGH AN AIRLOCK SHALL HAVE JETTISON 
CAPABILITY WHEN THE BOOM OR EXTENSION ROD IS STUCK AT ANY POSI- 
TION OR THE EXPERIMENT ON THE BOOM IS STUCK AT ANY POSITION 
PREVENTING RETRACTION. 

53. BOOM EXTENSION ROD CONNECTION POINTS SHALL HAVE POSITIVE LATCH- 
ING MECHANISMS TO PREVENT INADVERTENT DISCONNECTION OF THE 
EXTENSION ROD. 
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FLIGHT SYSTEMS AND EXPERIMENT HARDWARE DESIGN 
~ SECTION: 1.0 SYSTEMS CRITERIA 



(Cont. ) 


54. BOOMS EXTENDED IN ORBITAL PAYLOADS SHALL BE STRUCTURALLY CAPABLE 
OF WITHSTANDING ALL VEHICLE MOVEMENTS INCLUDING DOCKING MANEU- 
VERS. 

55. BOOM EXTENSION MECHANISMS SHALL NOT UTILIZE ANY MATERIALS THAT 
OUTGAS CONTAMINANTS WHICH CAN AFFECT CONTAMINATION MEASUREMENT 
EXPERIMENTS OR OTHER EXTERNAL CONTAMINATION- SENSITIVE ELEMENTS. 

56. ANY LOCKING OR BRAKING SYSTEM ON A BOOM WHICH EXTENDS THROUGH A 
SAL SHALL NOT DISTORT THE BOOM, WHEN CLAMPING FORCE IS APPLIED, 
SUCH THAT THE BOOM CANNOT BE RETRACTED OR EJECTED. 

57. ALL EXPERIMENTS AND EXPERIMENT COMPONENTS WHICH ARE DEPLOYED BY 
AN EXTENDIBLE BOOM SHALL BE SECURED TO THE BOOM BY A POSITIVE 
LOCKING MECHANISM. 
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SYSTEM SAFETY CHECKLIST - PART I 
FLIGHT SYSTEMS AND EXPERIMENT HARDWARE DESIGN 
SECTION: 2.0 GENERAL CRITERIA 

1. OPERATING RANGE AND PERFORMANCE LIMITS FOR ALL SYSTEMS AND EQUIP- 
MENT SHALL BE SPECIFIED IN THE DESIGN. 

2. CLEANLINESS LEVELS AND CONTAMINATION CONTROL REQUIREMENTS SHALL 
BE SPECIFIED IN THE DESIGN. 

3. COMPONENTS CONTAINING MERCURY SHALL NOT BE USED. 

4. BERYLLIUM, BERYLLIUM OXIDES, OR BERYLLIUM ALLOYS SHALL NOT BE 
USED INSIDE THE SPACECRAFT HABITABLE ENVIRONMENT. 

5. COMPONENTS USED IN AREAS WITH FLAMMABLE VAPORS, LIQUIDS, OR 
OTHER COMBUSTIBLE MATERIALS SHALL BE INCAPABLE OF CAUSING 
UNINTENTIONAL IGNITION. 

6. EQUIPMENT DESIGN SHALL PRECLUDE THE GENERATION OF SOUND PRES- 
SURE LEVELS ABOVE 85 db. 

7. FRICTION TYPE LOCKING PINS IN WHICH THE LOCKING CAPABILITY 
BECOMES DEGRADED AS A RESULT OF REPEATED USE SHALL NOT BE USED. 

8. ALL CONNECTORS (E.G., ELECTRICAL, HYDRAULIC, PNEUMATIC) SHALL 
HAVE TETHERED CAPS, PLUGS OR COVERS IN ORDER TO PROTECT AGAINST 
CONTAMINATION OR DAMAGE WHEN UNMATED. 

9. LOCKING PINS, KNOBS, HANDLES, LENS COVERS, ACCESS PLATES , AND 
SIMILAR DEVICES WHICH MAY REQUIRE TEMPORARY REMOVAL SHALL BE 
TETHERED OR OTHERWISE HELD CAPTIVE TO THE EQUIPMENT WITH WHICH 
THEY ARE USED. 

10. CHAINS, BEADED LINKS OR SIMILAR SEGMENTED DEVICES SHALL NOT BE 
USED AS TETHERS OR RESTRAINTS. 

11. SYSTEMS SHALL BE DESIGNED SO THAT IT IS PHYSICALLY IMPOSSIBLE TO 
INSTALL COMPONENTS IN REVERSE. 

12. THE SETTING, POSITION OR ADJUSTMENT OF CONTROLS SHALL NOT BE 
AFFECTED BY SHOCK, VIBRATION, OR ACCELERATION RESULTING FROM 
LAUNCH, DOCKING, OR ON-ORBIT OPERATIONS. 

13. ANTENNAS WHICH ARE DESIGNED WITH ELECTROMECHANICAL DRIVE MECH- 
ANISMS TO PERMIT SCANNING SHALL INCLUDE A POSITIVE LOCKING DEVICE 
TO HOLD THE ANTENNA IMMOBILE WHEN UNDER ALL OPERATIONAL LOADS. 
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14. ANTENNAS WHICH ARE DESIGNED WITH ELECTROMECHANICAL DRIVE MECH- 
ANISMS TO PERMIT SCANNING SHALL BE DESIGNED TO PROVIDE CREW 
INDICATION OP ANTENNA POSITION AND LOCKING DEVICE OPERATION. 

15. EQUIPMENT PERMANENTLY MOUNTED OR TO BE DEPLOYED EXTERNAL TO THE 
SPACECRAFT HABITABLE ENVIRONMENT SHALL NOT CONTAIN MATERIALS 
WHICH OUTGAS CONTAMINANTS THAT COULD AFFECT EXTERNAL CONTAMINA- 
TION SENSITIVE ELEMENTS (E.G. , WINDOWS, OPTICS). 

16. EQUIPMENT REQUIRING ADJUSTMENT DURING OPERATION SHALL HAVE 
EXTERNAL ADJUSTMENT PROVISIONS. 

17. ALL MECHANICAL ACTUATING DEVICES SHALL HAVE POSITIVE MECHANICAL 
STOPS FOR PROTECTION AGAINST FAILURES THAT COULD ALLOW THE 
DEVICE TO EXCEED ITS INTENDED LIMITS OF TRAVEL. 

18. ALL THREADED FASTENERS AND FITTINGS SHALL HAVE TORQUE SPECI- 
FIED IN THE DESIGN, AND SHALL REQUIRE WRENCHING DEVICES FOR 
ASSEMBLY AS OPPOSED TO KNURLED KNOBS, WING NUTS, ETC. 

19. OPENINGS (SLOTTED OR OTHERWISE) IN CABINETS, COVERS, AND SIMI- 
LAR ENCLOSURES THROUGH WHICH LEVERS, SHAFTS, AND SIMILAR CON- 
TROLS OPERATE SHALL BE PROVIDED WITH NONFLAMMABLE PROTECTIVE 
COVERS, BOOTS, OR SLIDING PLATES TO PREVENT PERSONNEL INJURY OR 
EQUIPMENT DAMAGE RESULTING FROM INADVERTENT INSERTION OR ENTRY 
OF FOREIGN OBJECTS. 

20. HANDLES AND CONTROLS FOR MECHANISMS SUCH AS HATCHES, AIRLOCKS,. 
AND FOLDING PLATFORMS SHALL BE DESIGNED WITH SUFFICIENT CLEAR- 
ANCES TO PREVENT INJURY TO FINGERS AND HANDS. 

21. ALL HANDHOLDS AND HANDRAILS SHALL PROVIDE A MINIMUM CLEARANCE OF 
2.0 INCHES BETWEEN THE GRIPPING SURFACE AND ANY ADJACENT STRUC- 
TURE, AND SHALL PROVIDE A MINIMUM OF 5.5 INCHES OF STRAIGHT 
GRASPING LONGITUDINAL SURFACE. 

22. ALL INTERNAL AND EXTERNAL EQUIPMENT AND STRUCTURAL SURFACES IN- 
CLUDING COVERS, DOORS, REMOVABLE PANELS AND CONTAINERS SHALL BE 
FREE OF SHARP EDGES AND CORNERS FOR THE PROTECTION OF PERSONNEL 
AND EQUIPMENT. 

23. ACCESS DOORS, COVERS OR HATCHES WHICH ARE NOT REMOVABLE SHALL 
REMAIN IN THE DESIRED OPEN POSITION BY USE OF FRICTION OR OTHER 
DEVICES. 
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24. ANY DOOR OR HATCH WHICH IS REQUIRED TO ISOLATE THE HABITABLE 
AREAS OF THE SPACECRAFT (CABIN ATMOSPHERE) FROM SPACE VACUUM 
SHALL HAVE REDUNDANT SEALS. 

25. ALL. HATCHES REQUIRED FOR ASTRONAUT INGRESS TO OR EGRESS FROM THE 
SPACECRAFT OR BETWEEN COMPARTMENTS SHALL BE DESIGNED TO PERMIT 
INFLIGHT REPLACEMENT OF HATCH SEALS. 

26. EXPERIMENT AIRLOCKS AND SIMILAR MECHANICAL DEVICES THAT PENE- 
TRATE THE PRESSURE SHELL OF THE HABITABLE AREA OF THE SPACECRAFT 
SHALL BE DESIGNED TO PERMIT INFLIGHT REPLACEMENT OF SEALS. 

27. ALL GLASS OR SIMILAR SHATTERABLE MATERIAL SHALL BE COVERED WITH 
A SOLID MATERIAL (TRANSPARENT IF REQUIRED) TO PROTECT AGAINST 
THE INTRODUCTION OF PARTICLES INTO THE SPACECRAFT HABITABLE 
ENVIRONMENT AS A RESULT OF BREAKAGE. 

28. CONTROLS WHICH COULD CAUSE EQUIPMENT DAMAGE OR PERSONNEL INJURY 
IF OPERATED DURING GROUND OPERATIONS SHALL BE IDENTIFIED IN THE 
DESIGN. 

29. WARNING PLACARDS OR LABELS SHALL BE PROVIDED ON ALL CONTROLS 
WHICH ARE NOT TO BE OPERATED DURING GROUND OPERATIONS. 

30. ALL PLATFORMS, HANDRAILS, BOOMS, BOOM EXTENSION DEVICES AND 
SIMILAR INSTALLATIONS THAT ARE NOT DESIGNED FOR USE IN A ONE-G 
ENVIRONMENT SHALL BE PLACARDED WITH LOAD LIMITS AND PROTECTED 
FROM INADVERTENT USAGE DURING GROUND OPERATIONS. 

31. EMERGENCY CONTROLS (ELECTRICAL OR MECHANICAL) USED FOR SHUTDOWN, 
SAFING, JETTISON, ALARM OR CORRECTIVE ACTION SHALL BE CLEARLY 
MARKED, (E.G., PLACARDS, RED BOARDERS, ETC.), VISIBLE AND 
READILY ACCESSIBLE TO OPERATING PERSONNEL. 

32. DESIGN SPECIFICATIONS FOR SUBSYSTEM EQUIPMENT (E.G., CONSOLES, 
PANELS, ETC.), EXPERIMENTS AND OTHER PAYLOAD HARDWARE, INCLUDING 
SHIPPING OR STORAGE CONTAINERS FOR SUCH EQUIPMENT SHALL SPECIFY 
THAT THE LOCATION OF LIFT POINTS, ATTACH POINTS, CENTER OF 
GRAVITY AND GROSS WEIGHT SHALL BE IDENTIFIED ON ALL SUCH EQUIP- 
MENT FOR WHICH LIFTING, HOISTING OR HANDLING FIXTURES MAY BE 
REQUIRED (E.G., HANDLING, INSTALLATION OR REMOVAL PRIOR TO OR 
AFTER FLIGHT) . 
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33. 

ALL EQUIPMENT WHICH MAY BE REQUIRED TO BE LIFTED OR MOVED BY A 
HOIST, CRANE, FORKLIFT OR OTHER EQUIPMENT SHALL HAVE PROVISIONS 
FOR TEMPORARY OR PERMANENT INSTALLATION OF ATTACH POINTS, LIFT- 
ING EYES, TIE-DOWNS, AND SIMILAR HARDWARE FOR POSITIVE ATTACH- 
MENT OF SLINGS, CABLE HOOKS AND SIMILAR DEVICES. 

34. 

WARNING PLACARDS, SAFETY TAPE, COLOR CODED LABELS AND SIMILAR 
HAZARD IDENTIFICATION MATERIAL SHALL BE PLACED IN A CLEARLY 
VISIBLE LOCATION. 

35. 

ALL HANDLES, KNOBS, LATCHES, HATCHES, AND SIMILAR MECHANICAL 
DEVICES THAT REQUIRE ALIGNMENT OR ADJUSTMENT SHALL HAVE ALIGN- 
MENT INDICES OR VISIBLE MARKINGS TO ENSURE PROPER ALIGNMENT, 
ADJUSTMENT, AND OPERATION INCLUDING REALIGNMENT IN FLIGHT. 

36. 

LOCATION OF ALIGNMENT INDICES, DETENTS, RIGGING POINTS OR ALIGN- 
MENT MARKS SHALL BE ACCESSIBLE FOR ALIGNMENT RECHECK WITHOUT 
REMOVAL OF ANY COMPONENT. 

37. 

ALL FAN BLADES , PUMP IMPELLERS AND SIMILAR ROTATING MECHANISMS ■ 
SHALL HAVE PROTECTIVE DEVICES SUCH AS A SHEAR PIN, FRICTION 
CLUTCH, MAGNETIC CLUTCH OR SIMILAR DEVICE TO PROTECT THE DRIVE 
MECHANISM. 

! 38. 

MOVING PARTS SUCH AS FANS, BELT DRIVE ASSEMBLIES AND SIMILAR 
COMPONENTS THAT COULD CAUSE PERSONNEL INJURY OR EQUIPMENT 
DAMAGE DUE TO INADVERTENT CONTACT WITH SUCH EQUIPMENT SHALL BE 
PROVIDED WITH GUARDS OR SIMILAR PROTECTIVE DEVICES. 

39. 

EQUIPMENT UTILIZING ROTATING MECHANISMS SHALL INCORPORATE PRO- 
VISIONS FOR CONTAINMENT OF FAILED PARTS. 

40. 

LOCK OR LATCHING MECHANISMS SHALL BE OPERABLE BY A SINGLE CON- 
TROL AND PROVIDE CLEAR VISUAL INDICATION OF LATCH POSITION. 

41. 

FOLD AWAY OR FOLD OVER TYPE LATCHING DEVICES THAT MUST BE IN 
THE FOLDED POSITION TO ASSURE POSITIVE LOCKING SHALL BE SPRING 
LOADED OR PINNED IN THE FOLDED POSITION TO PREVENT INADVERTENT 
OPENING DUE TO VIBRATION. 

42. 

ALL SPACECRAFT WINDOWS SHALL BE PROVIDED WITH INTERNAL- COVERS 
TO PROTECT THE WINDOW WHEN NOT IN USE DURING FLIGHT AND GROUND 
OPERATIONS. 


2 



SYSTEM SAFETY CHECKLIST - PART I 
FLIGHT SYSTEMS AND EXPERIMENT HARDWARE DESIGN 
SECTION; 2.0 GENERAL CRITERIA 

43. ALL SPACECRAFT WINDOWS SHALL BE PROVIDED WITH EXTERNAL COVERS 
TO PROTECT THE WINDOW DURING GROUND OPERATIONS, AND DURING 
FLIGHT AS APPROPRIATE FOR UV-SENSITIVE GLASS, ETC. 

44. ALL SPACECRAFT INTERNAL WINDOW COVERS SHALL BE STRUCTURALLY 
CAPABLE OF WITHSTANDING A MINIMUM PRESSURE EQUAL TO 4.0 TIMES 
THE DIFFERENTIAL PRESSURE ACROSS THE SPACECRAFT PRESSURE SHELL 
DURING ON-ORBIT OPERATIONS. 

45. WINDOW COVERS, EXPERIMENT DOORS AND SIMILAR ASSEMBLIES DESIGNED 
FOR AUTOMATIC OR REMOTE CONTROL OPERATION SHALL BE CAPABLE OF 
BEING DISABLED AND MANUALLY OPERATED (E.G., DRIVE MECHANISM 
MECHANICAL OVERRIDE), IN THE EVENT OF FAILURE TO OPEN OR CLOSE. 

46. DEPLOYED EQUIPMENT CHILLED BELOW THE CABIN DEW POINT SHALL BE 
PROTECTED AGAINST CONDENSATION WHEN RE-INTRODUCED TO THE CABIN 
ENVIRONMENT. 

47. EQUIPMENT CONTAINING LENSES SUCH AS CAMERAS, VIEWFINDERS, 
TELESCOPES, ETC., SHALL BE PROVIDED WITH VIEWING ELEMENT COVERS. 

48. CLEANING AGENTS AND PROCESSES THAT ARE COMPATIBLE WITH THE 
SYSTEM (E.G. , COMPONENT MATERIALS, METAL SURFACES, COATINGS AND 
COMMODITIES USED WITHIN THE SYSTEM) SHALL BE SPECIFIED IN THE 
DESIGN. 

49. ALL CONTAINERS SUCH AS FILM CONTAINERS WHICH MAY BE PRESSURIZED 
WITH AN INERT GAS SHALL HAVE A POSITIVE PRESSURE INDICATING 
DEVICE. 

50. ALL CONTAINERS THAT ARE PRESSURIZED WITH INERT GAS SHALL BE 
TESTED TO A MINIMUM PROOF PRESSURE EQUIVALENT TO 2.0 TIMES THE 
MAXIMUM PRESSURE TO WHICH THEY WILL BE EXPOSED. 

51. ALL CONTAINERS THAT ARE PRESSURIZED WITH INERT GAS SHALL HAVE A 
MINIMUM DESIGN BURST PRESSURE OF 4.0 TIMES THE MAXIMUM DIF- 
FERENTIAL PRESSURE TO WHICH THEY WILL BE EXPOSED. 

52. ALL EQUIPMENT AND COMPONENT CONTAINERS AND ENCLOSURES WITHIN THE 
HABITABLE AREAS OF THE SPACECRAFT SHALL BE STRUCTURALLY CAPABLE 
OF WITHSTANDING DECOMPRESSION AND RECOMPRESSION OF THE' SPACE- 
CRAFT WITHOUT DAMAGE. 
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53. RADIOACTIVE MATERIALS SHALL NOT BE USED FOR ILLUMINATING PUR- 
POSES WITHOUT POSITIVE MECHANICAL PROTECTION AGAINST ABRASION 
OR FLAKING UNDER ALL POTENTIAL CONDITIONS OF USE. 

54. RADIOACTIVE MATERIALS SHALL NOT BE USED FOR ANY PURPOSE UNLESS 
IT CAN BE PROVEN THAT A NON -RADIOACTIVE SUBSTITUTE MATERIAL 
CANNOT BE USED. 

55. RADIOACTIVE MATERIAL EMBODIED OR SUSPENDED BY CERAMIC MATERIAL, 
PAINT OR SIMILAR COATINGS SHALL NOT RELEASE RADIOACTIVE MATERIAL 
AT ALL INTERNAL OR EXTERNAL ENVIRONMENTAL EXTREMES ANTICIPATED 
DURING GROUND OR FLIGHT OPERATIONS. 

56. ALL TEMPERATURE GAGES, PRESSURE GAGES, ELECTRICAL METERS AND 
SIMILAR READOUT DEVICES SHALL BE COLOR BANDED TO INDICATE SYSTEM 
OPERATING, MARGINAL AND HAZARDOUS RANGE LIMITS. 

57. ALL TEMPERATURE GAGES, PRESSURE GAGES, ELECTRICAL METERS AND 
SIMILAR READOUT DEVICES SHALL INDICATE NORMAL SYSTEM OPERATING 
RANGE WITHIN THE CENTER 50 PERCENT OF THE TOTAL RANGE OF THE 
READOUT DEVICE. 

58. DEBRIS GUARDS, SCREENS, FILTERS AND SIMILAR DEVICES SHALL BE 
LOCATED AT THE INLET TO ROTATING MECHANISMS SUCH AS DUCT-MOUNTED 
FAN ASSEMBLIES, COOLANT PUMPS AND SIMILAR ASSEMBLIES. 

59. HANDLES AND KNOBS ON ALL ROTARY CONTROLS SHALL BE KEYED OR 
SHAPED SO THAT IT IS PHYSICALLY IMPOSSIBLE FOR THEM TO TURN ON 
THE SHAFT. FURTHERMORE, EACH ROTARY CONTROL ASSEMBLY SHALL BE 
POSITIVELY KEYED OR PINNED TO ITS MOUNTING SURFACE TO ENSURE 
PROTECTION AGAINST SIMULTANEOUS ROTATION OF THE HANDLE, SHAFT 
AND CONTROL ASSEMBLY. 
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SYSTEM SAFETY CHECKLIST - PART I 
FLIGHT SYSTEMS AND EXPERIMENT HARDWARE DESIGN 
SECTION: 3.0 ELECTRICAL AND ELECTRONIC 

3.1 GENERAL 

1. ALL ELECTRICAL CONNECTORS AND CABLE INSTALLATIONS SHALL BE 
DESIGNED WITH SUFFICIENT FLEXIBILITY, LENGTH, AND ACCESSIBILITY 
TO PERMIT DISCONNECTION AND RECONNECTION WITHOUT DAMAGE TO 
WIRING OR CONNECTORS. 

2. GUIDE PINS OR SLIDES SHALL BE LOCATED ON ALL PANEL, DRAWER AND 
CHASSIS SUBASSEMBLIES FOR PURPOSES OF ALIGNMENT DURING INSTALLA- 
TION AND TO PREVENT CONTACT OF THE PANEL, CHASSIS OR DRAWER WITH 
EXPOSED TERMINALS INTERNAL TO THE EQUIPMENT DURING INSTALLATION 
AND REMOVAL . 

3. ALL CONTROL SHAFTS, KNOBS, HANDLES OR LEVERS SHALL BE GROUNDED, 
INSULATED OR MADE OF NONCONDUCTIVE MATERIAL IN ORDER TO PRE- 
CLUDE PERSONNEL SHOCK OR BURN. 

4. RECEPTACLES WHOSE MATING PLUGS HAVING LOCKING FEATURES REQUIR- 
ING A TWISTING MOTION (BAYONET OR THREADED TYPES) SHALL BE 
POSITIVELY KEYED OR PINNED TO THEIR MOUNTING SURFACE SO THAT IS 
IS PHYSICALLY IMPOSSIBLE FOR THE RECEPTACLE TO TURN DURING 
PLUG ATTACHMENT. 

5. ALL EXTERNAL PARTS OF RF EQUIPMENT, EXCLUDING THE DRIVEN ELE- 
MENTS OF THE ANTENNA AND TRANSMISSION LINES, SHALL BE AT GROUND 
POTENTIAL AT ALL TIMES. 

6. RF EQUIPMENT SHALL BE SHIELDED TO PREVENT PERSONNEL EXPOSURE TO 
RF LEVELS GREATER THAN 10 mw/cm2 EXCEPT IN FRONT OF THE ANTENNA. 

7. CATHODE RAY TUBES SHALL BE COVERED IN FRONT WITH A SAFETY SHIELD 
TO PROTECT PERSONNEL FROM TUBE IMPLOSION. 

8. CONFORMAL COATINGS WHICH MAY OVERSTRESS COMPONENTS SUCH AS GLASS 
DIODES SHALL NOT BE USED. 

9. POLYURETHANE CONFORMAL COATINGS CONTAINING SOLVENTS WHICH DIS- 
SOLVE POLYSTYRENE SHALL NOT BE USED ON CIRCUIT BOARDS CONTAINING 
POLYSTYRENE COMPONENTS. 

10. ULTRASONIC VIBRATION SHALL NOT BE SPECIFIED AS A METHOD FOR 
CLEANING ELECTRONIC ASSEMBLIES. 

11. GASKETS, SEALS AND SIMILAR COMPONENTS CONTAINING SULPHUR SHALL 

NOT BE USED WITHIN OR IN CONTACT WITH ELECTRICAL COMPONENTS 
CONTAINING COPPER, ZINC, NICKEL, OR SILVER. 




SYSTEM SAFETY CHECKLIST - PART I 
FLIGHT SYSTEMS AND EXPERIMENT HARDWARE DESIGN 
SECTION: 3.0 ELECTRICAL AND ELECTRONIC 

3.1 GENERAL (Cont.) 

12. THE DESIGN OF MOUNTING SURFACES AND ATTACHMENT HARDWARE FOR ALL 
ELECTRICAL CONTACTOR ASSEMBLIES (E.G. , SWITCHES, RELAYS, ETC.), 
SHALL MAINTAIN THE CONTACTS IN A HERMETICALLY SEALED ENVIRON- 
MENT. 

13. ALL CONNECTORS, CIRCUIT BOARDS, TERMINAL BOARDS, SWITCHES, 

RELAYS AND SIMILAR COMPONENTS SHALL BE POTTED, SEALED, OR OTHER- 
WISE PROTECTED AGAINST SHORTING BY MATERIALS FLOATING IN A 
ZERO-G ENVIRONMENT. 

14. ALL CONNECTORS, CIRCUIT BOARDS, TERMINAL BOARDS, SWITCHES, 

RELAYS AND SIMILAR COMPONENTS SHALL BE POTTED, SEALED, OR 
OTHERWISE PROTECTED AGAINST THE EFFECTS OF LIQUID LEAKAGE OR 
CONDENSATION . 

15. GUARDS OR COVERS SHALL BE PROVIDED OVER ALL TERMINATION POINTS 
WHERE VOLTAGE POTENTIALS EXIST IF ACCESS IS POSSIBLE WITH VOLT- 
AGE APPLIED. 

16. ALL GUARDS OR COVERS PROVIDED FOR PERSONNEL PROTECTION SHALL BE 
CLEARLY MARKED TO INDICATE THE VOLTAGE POTENTIAL OF THE COVERED 
TERMINAL . 

17 . INSULATED GUIDES SHALL BE PROVIDED WHEREVER AN ADJUSTMENT TOOL 
COULD CONTACT ANY ADJACENT CIRCUIT COMPONENT HAVING A VOLTAGE 
POTENTIAL. 

18. ALL PORTABLE ELECTRICAL EQUIPMENT SHALL BE DESIGNED SO THAT AN 
INTERNAL SHORT WILL NOT RESULT IN A VOLTAGE POTENTIAL BEING 
APPLIED TO THE CASE OR ENCLOSURE. 

19. EQUIPMENT SHALL REVERT TO A SAFE CONFIGURATION WHEN AN INPUT 
POWER LOSS OCCURS. 

20. ALL HEATERS SHALL HAVE INDEPENDENT REDUNDANT CIRCUITS FOR 
TEMPERATURE SENSING AND CONTROL. 

21. HEATERS SHALL HAVE OVERTEMPERATURE SHUT-OFF DEVICES INDEPEN- 
DENT OF ANY THERMOSTAT) WHICH REQUIRE MANUAL RESET. 

22. ANY SYSTEM WHICH HAS A CAPABILITY OF LOCKING OUT GROUND COM- 
MAND CONTROL SHALL PROVIDE AN INDICATION TO THE GROUND WHENEVER 
THE CONTROL (S) IS IN THE LOCKED-OUT POSITION. 
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SYSTEM SAFETY CHECKLIST - PART I 


FLIGHT SYSTEMS AND EXPERIMENT HARDWARE DESIGN _____ 
SECTION: 3.0 ELECTRICAL AND ELECTRONIC 


3.2 CABLING AND WIRING 

ALL CABLES AND WIRING SHALL BE CLAMPED AND SUPPORTED TO REMAIN 
CLEAR OF SHARP EDGES AND MOVING PARTS. 

ALL CABLES AND WIRING SHALL BE CONFIGURED, CLAMPED AND SUP- 
PORTED TO ELIMINATE MECHANICAL STRESS ON WIRES, TERMINATIONS 
AND CONNECTORS DURING GROUND AND FLIGHT ENVIRONMENTS (E.G., 

SHOCK, VIBRATIONS, ETC.). 

ALL CABLES AND WIRES SHALL BE MARKED TO CLEARLY INDICATE THE 
CORRECT MATING CONNECTION OR TERMINATION POINT IN ORDER TO 
PRECLUDE PHASE REVERSAL OR CROSS-CONNECTION. 

ALL WIRING SHALL BE LOCATED AND CLAMPED TO ELIMINATE ANY POSSI- 
BILITY OF CONTACT WITH LIQUID LINES. 

THE DESIGN SHALL SPECIFY THAT WIRING SHALL NOT BE SPLICED. 

POWER AND SIGNAL (INCLUDING COMMAND) WIRING SHALL NOT BE ROUTED 
THROUGH THE SAME CABLE, CABLE BUNDLE, OR WIRING HARNESS IN 
ORDER TO MINIMIZE VOLTAGE INDUCTION INTO ADJACENT CIRCUITS. 

SHIELDS USED TO PROTECT AGAINST INDUCED VOLTAGE FOR FREQUENCIES 
UP TO 50 KHz SHALL BE CONTINUOUS THROUGH ALL CONNECTORS AND 
GROUNDED AT ONLY ONE END. 

SHIELDS USED TO PROTECT AGAINST INDUCED VOLTAGE FOR FREQUENCIES 
ABOVE 50 KHz SHALL BE CONTINUOUS THROUGH ALL CONNECTORS AND 
GROUNDED AT BOTH ENDS. 

POLYVINYL CHLORIDE SHALL NOT BE USED AS WIRE INSULATION. 

ELECTRICAL WIRE OR CABLE INSULATED OR COATED WITH POLYTETRA- 
FLUOROETHYLENE (TFE) OR FLUORINATED ETHYLENE PROPYLENE (FEP) 

SHALL BE ETCHED PRIOR TO POTTING TO ASSURE POSITIVE BOND AND 
ENVIRONMENTAL SEAL. 

WHEN ETCHING OF INSULATION IS REQUIRED, THE DESIGN SHALL SPECIFY 
THAT THE OPEN END OF THE WIRE WILL NOT BE EXPOSED TO THE ETCHANT. 
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SYSTEM SAFETY CHECKLIST - PART I 

FLIGHT SYSTEMS AND EXPERIMENT HARDWARE DESIGN 
. SECTION: 3.0 ELECTRICAL AND ELECTRONIC 

3.2 CABLING AND WIRING (Cont.) 

34. CABLING OR WIRING LOCATED OUTSIDE THE HABITABLE AREA OF THE 
SPACECRAFT SHALL BE CAPABLE OF FLEXING WITHOUT DAMAGE TO THE 
WIRE OR INSULATION AT THE EXTREME TEMPERATURE ENVIRONMENT OF 
SPACE. 

35. WIRES AND CABLES SHALL NOT BE IDENTIFIED OR MARKED BY HOT 
STAMPING ON THE INSULATION. 

36. SOLID WIRE (SINGLE STRAND) SHALL NOT BE USED IN LOCATIONS 
WHERE IT MAY BE SUBJECTED TO FLEXING. 

3.3 CONNECTORS 

37. ALL MATING PLUGS AND RECEPTACLES SHALL BE MARKED OR CODED TO 
CLEARLY INDICATE THE CORRECT MATING CONNECTION. 

38. ALL ADJACENT CONNECTORS SHALL BE SHAPED OR RESTRAINED SO THAT 
IT IS PHYSICALLY IMPOSSIBLE TO MISMATE. 

39. CONNECTORS WITH UNKEYED SYMMETRICAL PIN ARRANGEMENTS SHALL NOT 
BE USED. 

40. ONLY FEMALE CONNECTORS SHALL BE USED AS ACCESS TO SOURCES OF 
POWER. 

41. ALL FLIGHT OR PROTOTYPE SYSTEM CONNECTORS WHICH INTERFACE WITH 
GROUND SUPPORT EQUIPMENT SHALL BE INDIVIDUALLY SHAPED OR RE- 
STRAINED SO THAT IT IS PHYSICALLY IMPOSSIBLE TO MISMATE THE 
INTERFACING GROUND SUPPORT EQUIPMENT CONNECTORS. 

42. POWER CIRCUITS AND SIGNAL CIRCUITS SHALL NOT BE ROUTED THROUGH 
THE SAME CONNECTOR IN ORDER TO MINIMIZE THE INTRODUCTION OF 
VOLTAGE TRANSIENTS INTO THE SIGNAL WIRING. 

43. ELECTRICAL CONNECTORS USED WITHIN THE HABITABLE AREAS OF THE 
SPACECRAFT SHALL HAVE SELF-LOCKING DEVICES AND SHALL NOT REQUIRE 
THE USE OF SAFETY WIRE. 

44. SHORTING DEVICES SUCH AS SPRINGS OR CLIPS SHALL NOT BE USED IN 
CONNECTORS . 
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FLIGHT SYSTEMS AND EXPERIMENT HARDWARE DESIGN 
SECTION: 3.0 ELECTRICAL AND ELECTRONIC 

3.4 BATTERIES 

45. BATTERIES SHALL HAVE DECALS OR MARKERS TO INDICATE THE TYPE OF 
ELECTROLYTE AND SPECIAL SAFETY PRECAUTIONS. 

46. ALL BATTERY VENTS AND RELIEF DEVICES SHALL BE DESIGNED TO 
PREVENT THE EJECTION OF ELECTROLYTE FROM THE BATTERY. 

47. ALL BATTERY VENTS AND RELIEF DEVICE OUTLETS SHALL BE LOCATED 
TO PRECLUDE DAMAGE TO ADJACENT EQUIPMENT OR INJURY TO OPERAT- 
ING PERSONNEL. 

48. BATTERIES SHALL NOT BE VENTED INTO THE HABITABLE AREAS OF THE 
SPACECRAFT . 

49. ALL BATTERIES SHALL HAVE DECALS OR MARKERS TO CLEARLY INDICATE 
THE POSITIVE AND NEGATIVE TERMINALS. 

50. ALL BATTERY CASES SHALL BE DESIGNED TO CONTAIN ALL ELECTROLYTE 
DURING ALL OVERPRESSURE CONDITIONS SUCH AS THOSE WHICH COULD 
BE CAUSED BY OVERLOAD OR INTERNAL SHORTS. 

51. INSTALLED BATTERIES (SINGLE OR MULTIPLE CELLED) SHALL BE EN- 
CLOSED WITHIN A CONTAINER WHICH WILL PREVENT ELECTROLYTE 
LEAKAGE INTO THE SURROUNDING AREA IN THE EVENT OF DAMAGE TO THE 
BATTERY CASE. 

52. THE DESIGN SHALL SPECIFY THAT ALL BATTERIES AND CHARGER ASSEM- 
. BLIES SHALL BE TESTED AT FULL OPERATIONAL LOADS PRIOR TO 

INSTALLATION INTO THE SPACECRAFT, EXPERIMENT OR OTHER PAYLOAD. 

3.5 CONTROL FUNCTIONS AND COMPONENTS 

53. ALL SWITCHES SHALL BE CLEARLY MARKED OR LABELED TO INDICATE THE 
SYSTEM FUNCTION FOR EACH SWITCH POSITION. 

54. NEGATIVE CONTROL OR SWITCHING IN THE POWER RETURN LEADS OF A 
COMPONENT SHALL NOT BE USED UNLESS THE POSITIVE LEAD IS SWITCHED 
SIMULTANEOUSLY. 

55. SELF-TEST CIRCUITS SHALL INDICATE THE ACTUAL SYSTEM RESPONSE, 
RATHER THAN INDICATE ONLY THE INITIATION OF A COMMAND OR TEST 
SIGNAL. 
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SYSTEM SAFETY CHECKLIST - PART I 
FLIGHT SYSTEMS AND EXPERIMENT HARDWARE DESIGN 

SECTION: 3.0 ELECTRICAL AND ELECTRONIC 


3.5 CONTROL FUNCTIONS AND COMPONENTS (Cont.) 

SELF-LATCHING FUNCTION SWITCHES SUCH AS PUSHBUTTON SWITCH- 
INDICATORS WHICH MAY BE OPERATED WITHOUT INDICATING THE SWITCH 
POSITION DURING A POWER OFF PHASE SHALL NOT BE USED. 

ALL CIRCUIT BREAKERS OR SWITCHES USED TO CONTROL EQUIPMENT OR 
CIRCUITRY INTENDED FOR EMERGENCY PURPOSES SHALL HAVE POSITIVE 
PROTECTION AGAINST INADVERTENT OPERATION. 

ALL CIRCUIT BREAKERS OR SWITCHES USED TO CONTROL THE ARMING OF 
PYROTECHNIC DEVICES SHALL HAVE POSITIVE PROTECTION AGAINST 
INADVERTENT OPERATION. 

REDUNDANT CONTROL CIRCUIT COMPONENTS SHALL BE INDEPENDENT OF 
THOSE COMPONENTS USED IN THE PRIMARY CONTROL CIRCUIT. 

PRIMARY AND REDUNDANT CONTROL CIRCUIT WIRING SHALL NOT BE ROUTED 
THROUGH THE SAME CABLE OR CONNECTOR. 

PRIMARY AND REDUNDANT CONTROL CIRCUITS SHALL INCLUDE AN INFLIGHT 
CHECKOUT CAPABILITY WHICH WILL VERIFY THE INDEPENDENT OPERATION 
OF EACH CIRCUIT. 

PRIMARY AND REDUNDANT SYSTEM CIRCUITS SHALL NOT BE SUPPLIED FROM 
THE SAME BRANCH POWER BUS OR CIRCUIT BREAKER. 

ALL CIRCUITS (INCLUDING LATCHING RELAY CIRCUITS) SHALL BE PRO- 
TECTED AGAINST INADVERTENT OPERATION DUE TO VOLTAGE TRANSIENTS. 

ALL SYSTEM INDICATORS USED TO MONITOR SYSTEM STATUS SHALL INDI- 
CATE THE ACTUAL SYSTEM RESPONSE RATHER THAN INDICATE ONLY THE 
INITIATION OF A COMMAND OR APPLICATION OF POWER. 

LOSS OF CONTROL CIRCUIT POWER SHALL NOT RESULT IN POWER LOSS TO 
DEVICES WHICH INDICATE RESPONSE OR CONFIGURATION STATUS OF CON- 
TROLLED COMPONENTS, (I.E., POWER FOR INDICATORS OR INSTRUMEN- 
TATION USED TO MONITOR VALVE POSITION, PRESSURE LEVELS, ETC., 
SHALL BE INDEPENDENT AND ISOLATED FROM FAILURES IN CONTROL 
CIRCUITS FOR THOSE VALVES OR SENSORS). 
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FLIGHT SYSTEMS AND EXPERIMENT HARDWARE DESIGN 

SECTION: 3.0 ELECTRICAL AND ELECTRONIC 


3.5 CONTROL FUNCTIONS AND COMPONENTS (Cont.) 

66. 

TERMINAL LUGS AND INSULATED WASHERS USED WITH STUD-MOUNTED 
DIODES SHALL HAVE SUFFICIENT MATCHING SURFACE AREA TO ENSURE 
THAT THE TERMINAL LUG WILL REMAIN INSULATED FROM THE MOUNTING 
STRUCTURE. 

67. 

POSITIVE MECHANICAL MEANS SHALL BE SPECIFIED IN THE DESIGN TO 
ENSURE ADEQUATE CONTACT PRESSURE IS MAINTAINED AT STUD-MOUNTED 
DIODE CONNECTIONS. 

68. 

POSITIVE PROVISIONS SHALL BE SPECIFIED IN THE DESIGN TO PRECLUDE 
SEEPAGE OF CONFORMAL COATINGS INTO ELECTRICAL INTERFACES IN 
STUD-MOUNTED DIODE INSTALLATIONS. ' 

69. 

ALL POWER AND SIGNAL RETURNS FOR FLIGHT SYSTEMS, EXPERIMENTS OR 
OTHER PAYLOAD SHALL BE ISOLATED FROM THE CHASSIS AND SHALL BE 
ROUTED THROUGH CONNECTORS OR TERMINALS TO A SINGLE POINT GROUND 
TERMINATION FOR INTERFACE WITH THE SPACECRAFT SINGLE POINT 
GROUNDING SYSTEM. 

70. 

SPACECRAFT STRUCTURE SHALL NOT BE USED FOR THE RETURN OF CURRENT 
TO THE POWER SOURCE. 


3.6 OVERLOAD PROTECTION 

71. 

CIRCUIT BREAKERS SHALL PROVIDE A VISUAL INDICATION WHEN TRIPPED. 

72. 

CIRCUIT BREAKERS SHALL TRIP AND PROTECT THE CIRCUIT EVEN IF THE 
SWITCH LEVER IS PHYSICALLY HELD IN THE "ON" POSITION. 

73. 

OVERLOAD PROTECTION DEVICES SHALL BE INSTALLED IN EACH UN- 
GROUNDED CONDUCTOR IN THREE (3) PHASE POWER SYSTEMS AND SHALL BE 
DESIGNED SO THAT ALL THREE (3) DEVICES TRIP SIMULTANEOUSLY. 

74. 

ALL ADJUSTABLE TYPE CIRCUIT BREAKER SETTINGS SHALL BE SPECIFIED 
IN THE DESIGN. 

75. 

ALL CIRCUIT BREAKERS SHALL BE SIZED (OR SET) TO PROTECT THE 
SMALLEST WIRE WITHIN A CIRCUIT, INCLUDING ALL BRANCHES WHICH DO 
NOT HAVE INDEPENDENT CIRCUIT PROTECTION. 

76. 

OVERLOAD PROTECTION DEVICES SHALL BE SIZED (OR SET) SO THAT THE 
COMBINATION OF CURRENT AND TIME AT WHICH THE DEVICE OPERATES 
WILL NOT CAUSE THE OPERATION OF UPSTREAM PROTECTIVE DEVICES. 
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FLIGHT SYSTEMS AND EXPERIMENT HARDWARE DESIGN 
, SECTION: 3.0 ELECTRICAL AND ELECTRONIC 

3.6 OVERLOAD PROTECTION (Cont.) 

77. A CIRCUIT BREAKER OR SIMILAR OVERLOAD PROTECTION SHALL BE 
PROVIDED IN EACH EXPERIMENT OR OTHER PAYLOAD IN ORDER TO 
PREVENT AN OVERLOAD IN ONE EXPERIMENT OR PAYLOAD FROM AFFECT- 
ING OTHER EXPERIMENTS OR INTERFACING EQUIPMENT. 



SYSTEM SAFETY CHECKLIST - PART I 
FLIGHT SYSTEMS AND EXPERIMENT HARDWARE DESIGN ~ 

SECTION: 4.0 LIQUIDS AND GASES 

4.1 GENERAL 

1. SYSTEMS SHALL BE DESIGNED TO MINIMIZE THE EFFECTS OF SHOCK 
WAVES OR PRESSURE SURGES GENERATED BY SUDDEN CHANGES IN FLOW. 

2. ALL PRESSURE REGULATOR, FLOW CONTROL, AND RELIEF DEVICE SETTINGS 
SHALL BE SPECIFIED IN THE DESIGN. 

3. PROOF TEST REQUIREMENTS FOR ALL COMPONENTS SHALL BE A MINIMUM OF 
1.5 TIMES THE MAXIMUM PRESSURE AT WHICH THEY WILL BE REQUIRED TO 
OPERATE WITHIN THE SYSTEM. 

4. ALL MATERIALS INCLUDING SEALS, GASKETS AND LUBRICANTS USED IN 
FLIGHT EQUIPMENT SHALL BE COMPATIBLE WITH THE SYSTEM COMMODITY 
AND SHALL MEET THE CLEANLINESS LEVELS AND CONTAMINATION CONTROL 
REQUIREMENTS OF THE INTERFACING FLIGHT SYSTEM, EXPERIMENT OR 
OTHER PAYLOAD HARDWARE FOR WHICH THE MOST STRINGENT REQUIREMENTS 
HAVE BEEN ESTABLISHED. 

5. ALL PIPING AND COMPONENTS WITHIN EACH SYSTEM SHALL BE ELEC- 
TRICALLY BONDED ACROSS EACH CONNECTION (ALL PIPING SEGMENTS) AND 
SHALL BE GROUNDED TO REDUCE STATIC ELECTRICAL POTENTIAL. 

6. ALL LIQUID AND GAS SYSTEMS SHALL BE DESIGNED TO PERMIT LEAK 
TESTING AFTER INSTALLATION. 

7. ISOLATION VALVES SHALL BE PROVIDED AT THE FLIGHT SYSTEM INTER- 
FACE FOR INDEPENDENTLY CONTROLLING LIQUIDS, GASES AND VACUUM 
BEING SUPPLIED TO EACH SUBSYSTEM, EXPERIMENT OR OTHER PAYLOAD. 

8. AN ISOLATION SHUTOFF VALVE SHALL BE INSTALLED IN EACH SYSTEM, 
EXPERIMENT OR PAYLOAD SUPPLIED FROM A COMMON LIQUID OR GAS 
PRESSURE SOURCE. 

9. ALL EQUIPMENT REQUIRING GAS FOR PURGING OR PRESSURIZATION SHALL 
INCLUDE A HAND VALVE AT THE INLET TO THE RECEIVING EQUIPMENT OR 
AS THE FIRST COMPONENT DOWNSTREAM OF THE RECEIVING EQUIPMENT 
INTERFACE WHENEVER THE SOURCE PRESSURE SHUTOFF VALVE IS NOT 
ACCESSIBLE TO THE OPERATOR AT THE WORK STATION OR EQUIPMENT 
RECEIVING THE GAS. 

10. ELECTRICAL OR ELECTRONIC COMPONENTS SUCH AS MOTORS, SENSORS, OR 
SWITCHES USED IN LIQUID OR GAS SYSTEMS SHALL BE INSTALLED WITH 
THE COMPONENT HOUSING EXTERNAL TO THE VESSEL OR PIPING CONTAIN- 
ING THE LIQUID OR GAS. 
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FLIGHT SYSTEMS AND EXPERIMENT HARDWARE DESIGN 
SECTION: 4.0 LIQUIDS AND GASES 

4.1 GENERAL (Cont.) 

11. TUBING CAPS, PLUGS, OR BLIND FLANGES (END PLATES) SHALL BE IN- 
STALLED ON ALL TEST AND SERVICE PORTS WHICH ARE NOT REQUIRED TO 
FUNCTION IN FLIGHT. 

12. PUMPS AND COMPRESSORS SHALL BE PROTECTED AGAINST DAMAGE BY USE 
OF PROTECTIVE DEVICES SUCH AS THERMAL OVERLOADS, BY-PASS RELIEF 
DEVICES, VIBRATION SENSITIVE CUTOUT SWITCHES, PUMP SUCTION 
PRESSURE INTERLOCKS AND OVERSPEED CONTROLS . 

13. FILTERS SHALL BE INSTALLED IN PUMP AND COMPRESSOR INLET LINES 
WITH PRESSURE INDICATORS ON EACH SIDE OF THE FILTER OR A 
DIFFERENTIAL PRESSURE GAGE. 

14. FILTER HOUSINGS THAT ARE REQUIRED TO BE REMOVED FROM THE SYSTEM 
FOR ELEMENT REPLACEMENT SHALL NOT BE USED. 

15. DISSIMILAR METALS SHALL NOT BE USED IN COOLANT SYSTEM COMPONENTS 
IF A GALVANIC CIRCUIT IS THEREBY ESTABLISHED WITH THE COOLANT 
ACTING AS ELECTROLYTE. 

16. LIQUID LINE INSULATION SHALL BE MADE OF NONABSORBENT MATERIALS. 

17. TITANIUM OR ITS ALLOYS SHALL NOT BE USED IN OXYGEN SYSTEMS. 

18. TITANIUM OR ITS ALLOYS SHALL NOT BE USED WITH METHANOL. 

4.2 LINES 

19. ALL LINES AND FLEXIBLE HOSES SHALL HAVE A MINIMUM DESIGN BURST 
PRESSURE OF 4.0 TIMES THE MAXIMUM PRESSURE AT WHICH THEY WILL 
BE REQUIRED TO OPERATE WITHIN THE SYSTEM. 

20. ALL LINES SHALL BE FIRMLY SUPPORTED TO PROTECT AGAINST DAMAGE 
FROM MECHANICAL STRESS AND VIBRATION. 

21. ALL LINES SHALL BE INDEPENDENTLY CLAMPED. 

22. ALL LINES SHALL BE SUPPORTED AS CLOSE AS POSSIBLE TO LINE END 
FITTINGS AND CONNECTORS TO REDUCE MECHANICAL STRESS (INCLUDING 
SIDE LOADS) AND VIBRATION AT THE CONNECTION POINT. 
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FLIGHT SYSTEMS AND EXPERIMENT HARDWARE DESIGN 
SECTION: 4.0 LIQUIDS AND GASES 

4.2 LINES (Cont.) 

23. ALL RIGID LINES USED IN FIXED APPLICATIONS SHALL BE SUPPORTED 
AS. CLOSE AS POSSIBLE AT EACH BEND IN THE LINE. 

24. SERVICE POINTS FOR FILLING, DRAINING, PURGING, OR BLEEDING 
SYSTEMS DURING GROUND OPERATIONS SHALL BE LOCATED EXTERNAL TO 
THE SPACECRAFT. 

25. ALL LINES IN ALL ANTICIPATED OPERATIONAL LOCATIONS OF THE 
SPACECRAFT (E.G., HABITABLE AREAS, EVA ROUTES AND EXPERIMENT 
WORK STATIONS) SHALL HAVE SLEEVES, BARRIERS, OR SIMILAR PRO- 
TECTION AGAINST INADVERTENT DAMAGE BY PERSONNEL. 

26. ALL LINES WHICH PASS THROUGH THE PRESSURIZED CABIN WALL INTO THE 
HABITABLE AREAS OF THE SPACECRAFT SHALL HAVE A SHUTOFF VALVE 
LOCATED IN THE LINE IMMEDIATELY AFTER IT ENTERS INSIDE THE 
CABIN WALL. 

27. ALL LINES WHICH DUMP OR VENT EXTERNAL TO THE HABITABLE AREAS OF 
THE SPACECRAFT SHALL HAVE THERMOSTATICALLY CONTROLLED HEATERS 
TO PROTECT AGAINST CLOGGING. 

4.3 FLEXIBLE HOSES 

28. FLEXIBLE HOSES SHALL HAVE A MINIMUM SLACK ALLOWANCE OF 5% OF 
THE TOTAL HOSE LENGTH. 

29. ALL FLEXIBLE HOSES SHALL BE CLAMPED AND SUPPORTED TO REMAIN 
CLEAR OF SHARP EDGES AND MOVING PARTS. 

30. FLEXIBLE HOSES SHALL HAVE HOSE RESTRAINTS CONNECTED ACROSS THE 
HOSE CONNECTIONS AND SECURED TO THE SPACECRAFT STRUCTURE. 

31. FLEXIBLE HOSE RESTRAINTS SHALL BE AT LEAST 50 PERCENT STRONGER 
THAN THE MAXIMUM CALCULATED IMPACT (FORCE) ON THE RESTRAINT DUE 
TO AN OPEN LINE (UNDER MAXIMUM OPERATING PRESSURE) MOVING 
THROUGH THE DISTANCE OF FLEXURE OF THE RESTRAINT. 

32. ALL FLEXIBLE HOSES SHALL BE CLEARLY MARKED TO INDICATE THE 
SYSTEM FUNCTION, CONTENT, AND MAXIMUM OPERATING PRESSURE. 

33. A PROTECTIVE COVERING SHALL BE PROVIDED AS AN INTEGRAL PART OF 
EACH FLEXIBLE HOSE TO PRECLUDE DAMAGE FROM ABRASION AND CHAFING. 
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FLIGHT SYSTEMS AND EXPERIMENT HARDWARE DESIGN 
SECTION: 4.0 LIQUIDS AND GASES 


4.4 FITTINGS, FLANGES AND CONNECTORS 

SYSTEM CONNECTORS SHALL BE KEYED OR SIZED SO THAT IT IS PHYS- 
ICALLY IMPOSSIBLE TO CONNECT AN INCOMPATIBLE COMMODITY OR 
PRESSURE LEVEL. 

ALL SYSTEM FITTINGS SHALL HAVE A MINIMUM DESIGN BURST PRESSURE 
OF 4.0 TIMES THE MAXIMUM PRESSURE AT WHICH THEY WILL BE REQUIRED 
TO OPERATE WITHIN THE SYSTEM. 

ALL CONNECTORS AND FITTINGS REQUIRED TO BE DISCONNECTED DURING 
FLIGHT OPERATIONS SHALL HAVE TETHERED CAPS, PLUGS, OR COVERS 
TO PROTECT THE SYSTEM AGAINST CONTAMINATION OR DAMAGE WHEN 
DISCONNECTED. 

4.5 PRESSURE AND LIQUID VESSELS 


ALL PRESSURE VESSELS AND RESERVOIRS SHALL HAVE A MINIMUM DESIGN 
BURST PRESSURE OF 4.0 TIMES THE MAXIMUM DESIGN OPERATING PRES- 
SURE UNLESS SPECIFICALLY DESIGNED IN ACCORDANCE WITH FRACTURE 
MECHANICS TECHNOLOGY AND SAFETY FACTORS SPECIFIED BY THE PRO- 
CURING AGENCY AND APPROVED FOR EACH VESSEL AND APPLICATION. 

INITIAL OPENING OF ALL PRESSURE VESSEL PRIMARY RELIEF DEVICES 
SHALL BE NO HIGHER THAN 110 PERCENT OF THE MAXIMUM DESIGN 
OPERATING PRESSURE OF THE VESSEL. 

ALL PRESSURE VESSELS AND RESERVOIRS SHALL HAVE AN ISOLATION 
SHUTOFF VALVE LOCATED AS THE FIRST COMPONENT DOWNSTREAM OF THE 
VESSEL AND AS CLOSE AS POSSIBLE TO THE VESSEL. 

ALL PRESSURE VESSELS SHALL HAVE A VALVE TO PERMIT CONTROLLED 
REDUCTION OF PRESSURE AS DESIRED. 

ALL PRESSURE VESSELS SHALL INCORPORATE PROVISIONS FOR MONI- 
TORING VESSEL PRESSURE. 

ALL LIQUID VESSELS SHALL HAVE A LIQUID QUANTITY INDICATING 
DEVICE. 

ALL LIQUID VESSELS SHALL HAVE A DRAIN VALVE LOCATED SUCH THAT 
ALL LIQUID MAY BE DRAINED FROM THE VESSEL DURING GROUND 
(HORIZONTAL OR VERTICAL) OPERATIONS. 
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FLIGHT SYSTEMS AND EXPERIMENT HARDWARE DESIGN 

SECTION: 4.0 LIQUIDS AND GASES 


4.5 PRESSURE AND LIQUID VESSELS (Cont.) 

44. 

ALL PRESSURE VESSELS SHALL BE CLEARLY MARKED OR LABELED TO 
IDENTIFY CONTENT AND OPERATING PRESSURE. 

45. 

ALL LIQUID VESSELS SHALL BE CLEARLY MARKED OR LABELED TO 
IDENTIFY COMMODITY AND CAPACITY. 


4.6 PRESSURE RELIEF 

46. 

A PRESSURE RELIEF DEVICE SHALL BE LOCATED DOWNSTREAM OF ANY 
PRESSURE REGULATING DEVICE WHERE INPUT PRESSURE TO THE REGULA- | 

TING DEVICE CAN EXCEED THE PROOF PRESSURE OF ANY DOWNSTREAM 1 

SYSTEM COMPONENT. 

47. 

THE INITIAL OPENING OF SYSTEM RELIEF VALVES SHALL BE NO HIGHER 
THAN 110 PERCENT OF THE UPSTREAM REGULATOR SETTING. 

48. 

PRESSURE RELIEF VALVES AND RELIEF VENT LINES SHALL BE SIZED TO 
EXCEED THE MAXIMUM FLOW CAPACITY OF THE UPSTREAM PRESSURE REGU- 
LATING DEVICE UNDER FAILED OPEN CONDITIONS. ’ 

49. 

INITIAL OPENING OF REDUNDANT RELIEF DEVICES, WHEN USED SHALL BE 1 
NO HIGHER THAN 125 PERCENT OF THE UPSTREAM REGULATOR SETTING. \ 

50. 

REDUNDANT RELIEF DEVICES SHALL BE LOCATED IN THE SYSTEM SO AS jj 

NOT TO RENDER THE PRIMARY RELIEF DEVICE INEFFECTIVE (E.G. , 

SERIES INSTALLATION OF RELIEF VALVES) . 

51. 

A RELIEF DEVICE SHALL BE LOCATED BETWEEN ANY RESTRICTOR ORIFICE 
INSTALLATION AND AN UPSTREAM PRESSURE REGULATING DEVICE, IF 
FAILURE OF THE REGULATOR WOULD RESULT IN OVERPRESSURE ABOVE 
PROOF LEVEL. 

52. 

ALL RELIEF PORTS AND VENT LINES SHALL BE DESIGNED (LOCATED) SO 
THAT ESCAPING LIQUID OR GASES WILL NOT BE HAZARDOUS TO PERSONNEL 
OR EQUIPMENT DURING FLIGHT OR GROUND OPERATIONS. 

53. 

ALL SYSTEM RELIEF AND VENT VALVES SHALL BE CLEARLY MARKED TO 
INDICATE COMPONENT NUMBER AND SYSTEM FUNCTION. 

54. 

ALL LIQUID AND GAS VENT OR RELIEF DEVICES SHALL VENT OUTSIDE THE 
SPACECRAFT HABITABLE AREAS. 
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4.6 PRESSURE RELIEF (Cont.) 

55. ALL SEALED PANELS, CONSOLES OR SIMILAR ENCLOSURES WHICH CON- 
TAIN LIQUID OR GAS SYSTEM COMPONENTS SHALL HAVE AUTOMATIC 
(FAIL-SAFE) PRESSURE RELIEF DEVICES. 

56. INDEPENDENT (SEPARATE) LINES SHALL BE USED TO VENT OR RELIEVE 
(DISCHARGE) DIFFERENT COMMODITIES WHICH COULD DEFLAGRATE OR 
OTHERWISE REACT SUCH THAT ADVERSE PRESSURE, CONTAMINATION, 
CORROSION OR MATERIALS DEGRADATION COULD RESULT. 

4.7 VALVES, REGULATORS AND CONTROL DEVICES 

57. VENT OR BLEED VALVES SHALL BE LOCATED IN THE SYSTEM WHEREVER 
LIQUIDS OR PRESSURE COULD BE TRAPPED BETWEEN COMPONENTS. 

58. REGULATORS USED FOR STEP REGULATION SHALL OPERATE IN THE CENTER 
50 PERCENT OF THEIR TOTAL RANGE. 

59. THE MAXIMUM OPERATING PRESSURE DELIVERED BY EACH REGULATOR SHALL 
NOT BE GREATER THAN 75 PERCENT OF THE MAXIMUM PRESSURE REGULA- 
TION CAPABILITY OF THE REGULATOR. 

60. MANUALLY OPERATED VALVES SHALL NOT BE USED TO BY-PASS PRESSURE 
REGULATOR OR FLOW CONTROL DEVICES. 

61. SHUTOFF VALVES SHALL NOT BE INSTALLED IN SERIES WITH RELIEF 
VALVES UNLESS ANOTHER INDEPENDENTLY OPERATED POSITIVE RELIEF 
DEVICE IS INSTALLED IN PARALLEL WITH THE SHUTOFF VALVE (S). 

62. CHECK VALVES SHALL BE LOCATED IN PRESSURE SYSTEMS TO MINIMIZE 
DOWNSTREAM PRESSURE LOSS RESULTING FROM LOSS OF SOURCE PRESSURE. 

63. CHECK VALVES SHALL BE USED TO ISOLATE PARALLEL SUPPLY SYSTEMS 
OR PRESSURE VESSELS WHICH CAN BE USED TO SERVICE A COMMON 
DOWNSTREAM SYSTEM. 

64. CHECK VALVES SHALL BE USED TO ISOLATE PARALLEL VENT LINES EACH 
OF WHICH VENTS INTO A COMMON MANIFOLD. 

65. LOCKING PINS OR SIMILAR DEVICES SHALL BE INCLUDED IN THE DESIGN 
OF ALL LIQUID AND GAS SYSTEMS TO PROVIDE POSITIVE PROTECTION 
AGAINST INADVERTENT OPERATION OF ALL MANUALLY OPERATED VALVES. 






SYSTEM SAFETY CHECKLIST - PART I 


FLIGHT SYSTEMS AND EXPERIMENT HARDWARE DESIGN 
ECTION: 4.0 LIQUIDS AND GASES 


4.7 VALVES, REGULATORS AND CONTROL DEVICES (Cont.) 

ALL SYSTEM VALVES AND REGULATING DEVICES SHALL BE CLEARLY MARKED 
OR PLACARDED TO IDENTIFY COMPONENT NUMBER, SYSTEM FUNCTION AND 
DIRECTION OF OPERATION. 

ALL ADJUSTABLE PRESSURE CONTROL DEVICES SHALL HAVE MARKINGS TO 
INDICATE THE DIRECTION OF PRESSURE INCREASE- AND DECREASE AD- 
JUSTMENT (COUNTER-CLOCKWISE INCREASE AND CLOCKWISE DECREASE 
ARE PREFERRED) . 

4.8 GAGES AND INDICATORS 

VISUAL MONITORING CAPABILITY SHALL BE PROVIDED FOR EACH LEVEL OF 
SYSTEM PRESSURE. 

DIRECT PRESSURE READOUT GAGES SHALL NOT BE USED. 


ALL SEALED PANELS, CONSOLES, CONDUIT OR SIMILAR ENCLOSURES 
WHICH CONTAIN LIQUID OR GAS SYSTEM COMPONENTS SHALL HAVE PRES- 
SURE INDICATING OR VAPOR DETECTION DEVICES TO MONITOR AND 
INITIATE AN ALARM IN THE EVENT OF SYSTEM LEAKAGE. 
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SECTION: 1.0 GENERAL CRITERIA ~ 

1. OPERATING RANGE AND PERFORMANCE LIMITS FOR ALL EQUIPMENT SHALL 
BE SPECIFIED IN THE DESIGN. 

2. TORQUE VALUES FOR ALL THREADED FASTENERS AND FITTINGS SHALL BE 
SPECIFIED IN THE DESIGN. 

3. ALL MECHANICAL ACTUATING DEVICES SHALL HAVE POSITIVE MECHANICAL 
STOPS FOR PROTECTION AGAINST FAILURES THAT COULD ALLOW THE 
DEVICE TO EXCEED ITS INTENDED LIMITS OF TRAVEL. 

4. OPENINGS (SLOTTED OR OTHERWISE) IN CABINETS, COVERS AND SIMILAR 
ENCLOSURES THROUGH WHICH LEVERS, SHAFTS AND SIMILAR CONTROLS 
OPERATE SHALL BE PROVIDED WITH NONFLAMMABLE PROTECTIVE COVERS, 
BOOTS, OR SLIDING PLATES TO PREVENT PERSONNEL INJURY OR EQUIP- 
MENT DAMAGE RESULTING FROM INADVERTENT INSERTION OR ENTRY OF 
FOREIGN OBJECTS. 

5. MOVING PARTS SUCH AS FANS, BELT DRIVE ASSEMBLIES AND SIMILAR 
COMPONENTS THAT COULD CAUSE PERSONNEL INJURY OR EQUIPMENT 
DAMAGE DUE TO INADVERTENT CONTACT WITH SUCH EQUIPMENT SHALL BE 
PROVIDED WITH GUARDS OR SIMILAR PROTECTIVE DEVICES. 

6. LOCKING PINS, KNOBS, HANDLES, AND SIMILAR DEVICES WHICH MAY 
REQUIRE TEMPORARY REMOVAL SHALL BE TETHERED OR OTHERWISE HELD 
CAPTIVE TO THE EQUIPMENT WITH WHICH THEY ARE USED. 

7. BEADED LINK CHAINS SHALL NOT BE USED AS TETHERS OR RESTRAINTS. 

8. ALL CONTROLS AND INDICATORS SHALL BE CLEARLY MARKED OR LABELED 
TO INDICATE SYSTEM FUNCTION. 

9. EMERGENCY CONTROLS (ELECTRICAL OR MECHANICAL) USED FOR SHUTDOWN, 
SAFING, ALARM OR CORRECTIVE ACTION SHALL BE CLEARLY MARKED (E.G. 
PLACARDS, RED BOARDERS, ETC.), VISIBLE AND READILY ACCESSIBLE 
TO OPERATING PERSONNEL. 

10. MECHANICAL COMPONENTS OR MECHANISMS REQUIRING MANUAL OPERATION 
OR ADJUSTMENT SHALL BE DESIGNED FOR OPERATION WHILE WEARING 
PROTECTIVE CLOTHING SUCH AS GLOVES. 

11. ALL HANDLES AND CONTROLS INCLUDING THOSE FOR MECHANISMS SUCH AS 
FOLDING PLATFORMS SHALL BE DESIGNED WITH SUFFICIENT CLEARANCES 
TO ADJACENT STRUCTURES OR OTHER COMPONENTS TO PREVENT INJURY 

TO FINGERS AND HANDS. 


PRECEDING PAGE BLANK NOT FILMED 
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GROUND SUPPORT EQUIPMENT AND FACILITY SYSTEMS DESIGN 

SECTION: 1.0 GENERAL CRITERIA 

12. 

ALL HANDLES, KNOBS, LATCHES, HATCHES AND SIMILAR MECHANICAL 
DEVICES THAT REQUIRE ALIGNMENT OR ADJUSTMENT SHALL HAVE ALIGN- 
MENT INDICES TO ENSURE PROPER ALIGNMENT, ADJUSTMENT AND OPERA- 
TION. 

13. 

ALIGNMENT INDICES, DETENTS, RIGGING POINTS OR ALIGNMENT MARKS 
SHALL BE VISIBLE FOR ALIGNMENT RECHECK WITHOUT REMOVAL OF ANY 
COMPONENT. ! 

14. 

SYSTEMS SHALL BE DESIGNED SO THAT IT IS PHYSICALLY IMPOSSIBLE 
TO INSTALL COMPONENTS IN REVERSE. 

15. 

ALL EQUIPMENT REQUIRED TO BE LIFTED OR MOVED BY HOIST OR CRANES 
SHALL HAVE LIFTING EYES OR SIMILAR PROVISIONS FOR POSITIVE 
ATTACHMENT OF SLINGS, CABLE HOOKS AND SIMILAR DEVICES. 

16. 

GROSS WEIGHT AND CENTER-OF-GRAVITY SHALL BE CONSPICUOUSLY 
IDENTIFIED ON ALL EQUIPMENT REQUIRED TO BE LIFTED OR MOVED BY 
HOISTS, CRANES, FORKLIFTS AND SIMILAR HANDLING EQUIPMENT. 

17. 

ATTACH POINTS FOR TIE-DOWNS SHALL BE CLEARLY MARKED OR LABELED 
ON ALL EQUIPMENT. 

18. 

SKID MOUNTED EQUIPMENT SHALL HAVE THE CENTER-OF-GRAVITY LOCA- 
TION AND GROSS WEIGHT CLEARLY IDENTIFIED ON EACH SIDE OF THE 
EQUIPMENT. 

19. 

SKID MOUNTED EQUIPMENT SHALL HAVE FORKLIFT INSERTS ON EACH SIDE. 

20. 

CASTERS ON MOBILE EQUIPMENT SHALL HAVE INDEPENDENT LOCKING 
DEVICES ON EACH CASTER. 

21. 

MOBILE EQUIPMENT SHALL HAVE SELF-CONTAINED WHEEL LOCKING DEVICES. 

22. 

ALL MOBILE OR PORTABLE EQUIPMENT SHALL HAVE STATIC GROUND PRO- 
VISIONS. 

23. 

COMPONENTS CONTAINING MERCURY SHALL NOT BE USED. 

24. 

CLEANLINESS LEVELS AND CONTAMINATION CONTROL REQUIREMENTS SHALL 
BE SPECIFIED IN THE DESIGN. 
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GROUND SUPPORT EQUIPMENT AND FACILITY SYSTEMS DESIGN 

SECTION: 1.0 GENERAL CRITERIA ~ 

25. CLEANLINESS LEVELS AND CONTAMINATION CONTROLS FOR ALL GROUND 
SUPPORT SYSTEMS OR EQUIPMENT WHICH EITHER DIRECTLY INTERFACE 
WITH, OR MAY BE REQUIRED FOR USE WITHIN FLIGHT HARDWARE SHALL 
HAVE REQUIREMENTS AT LEAST EQUAL TO THOSE OF THE FLIGHT SYSTEM, 
EXPERIMENT OR OTHER PAYLOAD HARDWARE THAT. THEY ARE REQUIRED TO 
SUPPORT. 

26. CLEANING AGENTS AND PROCESSES THAT ARE COMPATIBLE WITH THE SYS- 
TEM (E.G., COMPONENT MATERIALS, METAL SURFACES, COATINGS AND 
COMMODITIES USED WITHIN THE SYSTEM) SHALL BE SPECIFIED IN THE 
DESIGN. 

27. ALL CONNECTORS (E.G., ELECTRICAL, HYDRAULIC, PNEUMATIC) SHALL 
HAVE TETHERED CAPS, PLUGS OR COVERS TO PROTECT AGAINST CON- 
TAMINATION OR DAMAGE WHEN UNMATED. 

28. NONFLAMMABLE PROTECTIVE COVERS (INCLUDING GRID FLOOR COVERINGS) 
SHALL BE PROVIDED FOR THE PROTECTION OF FLIGHT HARDWARE AND 
PERSONNEL AGAINST FALLING OBJECTS WHILE WORKING ON, OR ADJACENT 
TO, OR WITHIN THE FLIGHT MODULES WHEN MODULES ARE IN THE 
VERTICAL OR HORIZONTAL POSITION. 

29. GSE USED WITHIN THE SPACECRAFT SHALL NOT INCLUDE RADIOACTIVE 
MATERIAL. 

30. RADIOACTIVE MATERIAL SHALL NOT BE USED FOR ILLUMINATING PURPOSES 
WITHOUT POSITIVE MECHANICAL PROTECTION AGAINST ABRASION OR 
FLAKING UNDER ALL POTENTIAL CONDITIONS OF USE. 

31 . RADIOACTIVE MATERIALS SHALL NOT BE USED FOR ANY PURPOSE UNLESS 
IT CAN BE PROVEN THAT A NON-RADIOACTIVE SUBSTITUTE MATERIAL 
CANNOT BE USED. 

32. RADIOACTIVE MATERIAL EMBODIED OR SUSPENDED BY CERAMIC MATERIAL, 
PAINT OR SIMILAR COATINGS SHALL NOT RELEASE RADIOACTIVE MATERIAL 
AT ALL INTERNAL OR EXTERNAL ENVIRONMENTAL EXTREMES ANTICIPATED 
DURING GROUND OPERATIONS. 

33 . ALL EQUIPMENT, INCLUDING SHIPPING CONTAINERS AND VANS, SHALL HAV! 
WARNING PLACARDS TO IDENTIFY HAZARDOUS COMMODITIES AND RESTRIC- 
TIONS SUCH AS "NO SMOKING", "EXPLOSIVES", ETC. 

34 . WARNING PLACARDS, SAFETY TAPE, COLOR CODED LABELS AND SIMILAR 
HAZARD IDENTIFICATION MATERIAL SHALL BE PLACED IN A CLEARLY 
VISIBLE LOCATION. 
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35. EQUIPMENT DESIGN SHALL PRECLUDE THE GENERATION OF SOUND 
PRESSURE LEVELS ABOVE 90 db. 

36. ALL TEMPERATURE GAGES, PRESSURE GAGES, ELECTRICAL METERS AND 
SIMILAR READOUT DEVICES SHALL BE COLOR BANDED TO INDICATE 
SYSTEM OPERATING, MARGINAL AND HAZARDOUS RANGE LIMITS. 

37. ALL TEMPERATURE GAGES, PRESSURE GAGES, ELECTRICAL METERS AND 
SIMILAR READOUT DEVICES SHALL INDICATE NORMAL SYSTEM OPERATING 
RANGE WITHIN THE CENTER 50 PERCENT OF THE TOTAL RANGE OF THE 
READOUT DEVICE. 

38. ALL EQUIPMENT REQUIRING ADJUSTMENT DURING OPERATION SHALL HAVE 
EXTERNAL ADJUSTMENT PROVISIONS. 

39. ALL EQUIPMENT SHALL AUTOMATICALLY REVERT TO A SAFE CONFIGURA- 
TION WHEN AN INPUT POWER LOSS OCCURS. 

40. ALL OVENS, OR SIMILAR ENVIRONMENTAL CHAMBERS INCORPORATING 
HEATING ELEMENTS SHALL HAVE REDUNDANT AUTOMATIC HEATER SHUT-OFF 
DEVICES (INDEPENDENT OF PRIMARY TEMPERATURE CONTROLLING DEVICES) 
THAT REQUIRE MANUAL RESET. 

41. DRY AIR ONLY SHALL BE USED FOR GAS PURGES, TO PRECLUDE THE RISK 
OF ANOXIA ASSOCIATED WITH THE USE OF INERT GASES. 
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GROUND SUPPORT EQUIPMENT AND FACILITY SYSTEMS DESIGN 
SECTION: 2.0 ELECTRICAL AND ELECTRONIC 

2.1 GENERAL 

1. GUIDE PINS OR SLIDES SHALL BE LOCATED ON ALL PANEL, DRAWER AND 
CHASSIS SUBASSEMBLIES FOR ALIGNMENT DURING INSTALLATION AND TO 
PREVENT CONTACT WITH EXPOSED TERMINALS TO THE EQUIPMENT DURING 
INSTALLATION AND REMOVAL. 

2. ALL ELECTRICAL AND ELECTRONIC EQUIPMENT SHALL HAVE AN EXTERNAL 
GROUNDING TERMINAL FOR CONNECTION TO FACILITY GROUND. 

3. ALL CONTROL SHAFTS, KNOBS, HANDLES OR LEVERS SHALL BE GROUNDED, 
INSULATED OR MADE OF NONCONDUCTIVE MATERIAL IN ORDER TO PRE- 
CLUDE PERSONNEL SHOCK OR BURN. 

4. ALL RACKS, CHASSIS AND COMPARTMENTS WHICH CONTAIN EXPOSED TER- 
MINALS AND SIMILAR COMPONENTS SHALL BE CLEARLY MARKED OR 
PLACARDED TO INDICATE THE HIGHEST OPERATING VOLTAGE POTENTIAL 
PRESENT. 

5. INSULATED GUIDES SHALL BE PROVIDED WHEREVER AN ADJUSTMENT TOOL 
COULD CONTACT ANY ADJACENT CIRCUIT COMPONENT HAVING A VOLTAGE 
POTENTIAL. 

6. EQUIPMENT SHALL BE PROVIDED WITH A SINGLE MAIN POWER ON-OFF 
SWITCH WHICH WILL REMOVE ALL POWER (OTHER THAN INPUT POWER TO 
THE MAIN SWITCH) FROM THE EQUIPMENT WHEN THE SWITCH IS PLACED 
IN THE OFF POSITION. 

7. ALL EXTERNAL PARTS OF RF EQUIPMENT, EXCLUDING THE DRIVEN ELE- 
MENTS OF THE ANTENNA AND TRANSMISSION LINES SHALL BE AT GROUND 
POTENTIAL AT ALL TIMES. 

8. RF EQUIPMENT SHALL BE SHIELDED TO PREVENT PERSONNEL EXPOSURE TO 
RF LEVELS GREATER THAN 10 mw/ cm 2 EXCEPT IN FRONT OF THE ANTENNA. 

9. CATHODE RAY TUBES SHALL BE COVERED IN FRONT WITH A SAFETY SHIELD 
TO PROTECT PERSONNEL FROM TUBE IMPLOSION. 

10. CONFORMAL COATINGS WHICH MAY OVERSTRESS COMPONENTS SUCH AS GLASS 
DIODES SHALL NOT BE USED. 
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SECTION: 2.0 ELECTRICAL AND ELECTRONIC 

2.1 GENERAL (Cont.) 

11. ALL ELECTRICAL CONNECTORS AND CABLE INSTALLATIONS SHALL BE 
DESIGNED WITH SUFFICIENT FLEXIBILITY, LENGTH, AND ACCESSIBILITY 
TO PERMIT DISCONNECTION AND RECONNECTION WITHOUT DAMAGE TO 
WIRING OR CONNNECTORS. 

12. ALL CONNECTORS, CIRCUIT BOARDS, TERMINAL BOARDS, SWITCHES, 

RELAYS AND SIMILAR COMPONENTS IN EQUIPMENT WHICH MAY BE USED IN 
AN UNCONTROLLED ENVIRONMENT SHALL BE POTTED, SEALED, OR SIMI- 
LARLY PROTECTED AGAINST LIQUID LEAKAGE OR CONDENSATION. 

13. ELECTRICAL AND ELECTRONIC EQUIPMENT OR COMPONENTS WHICH HAVE NOT 
BEEN MOISTURE PROOFED, SHALL NOT BE LOCATED BELOW LIQUID LINES 
OR COLD SURFACES SUBJECT TO CONDENSATION. 

14. POLYURETHANE CONFORMAL COATINGS CONTAINING SOLVENTS WHICH 
DISSOLVE POLYSTYRENE SHALL NOT BE USED ON CIRCUIT BOARDS CON- 
TAINING POLYSTYRENE COMPONENTS. 

15. SOLID WIRE (SINGLE STRAND) SHALL NOT BE USED IN LOCATIONS 
WHERE IT MAY BE SUBJECTED TO FLEXING. 

16. GASKETS, SEALS AND SIMILAR COMPONENTS CONTAINING SULPHUR SHALL 
NOT BE USED WITHIN OR IN CONTACT WITH ELECTRICAL COMPONENTS 
CONTAINING COPPER, ZINC, NICKEL, OR SILVER. 

17. ULTRASONIC VIBRATION SHALL NOT BE SPECIFIED AS A METHOD FOR 
CLEANING ELECTRONIC ASSEMBLIES. 

2.2 CABLING AND WIRING 

18. ALL ELECTRICAL CABLES AND WIRING SHALL BE CLAMPED AND SUPPORTED 
TO REMAIN CLEAR OF SHARP EDGES AND MOVING PARTS. 

19. ALL ELECTRICAL AND ELECTRONIC WIRING SHALL BE LOCATED AND 
CLAMPED TO ELIMINATE ANY POSSIBILITY OF CONTACT WITH LIQUID 
LINES . 

20. ALL ELECTRICAL CABLES AND WIRING SHALL BE CLAMPED AND SUPPORTED 
TO ELIMINATE MECHANICAL STRESS ON WIRES, TERMINATIONS AND 
CONNECTORS. 
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SECTION: 2.0 ELECTRICAL AND ELECTRONIC 


2.2 CABLING AND WIRING (Cont.) 

21. ALL ELECTRICAL CABLES AND WIRES SHALL BE MARKED TO CLEARLY 
INDICATE THE CORRECT MATING CONNECTION OR TERMINATION POINT TO 
PRECLUDE PHASE REVERSAL OR CROSS-CONNECTION. 

22. ALL ELECTRICAL POWER CABLES SUPPLIED FOR USE WITH GSE SHALL BE 
HEAVY DUTY TYPE WITH POSITIVE LOCKING DEVICES TO PREVENT INAD- 
VERTENT DISCONNECTION. 

23. ALL POWER CABLES SHALL HAVE AN INDEPENDENT NONCURRENT CARRYING 
GROUND CONDUCTOR. 

24. POWER AND SIGNAL WIRING SHALL NOT BE ROUTED THROUGH THE SAME 
CABLE BUNDLE OR WIRING HARNESS TO INSURE THAT VOLTAGE WILL NOT 
BE INDUCED INTO SIGNAL CIRCUITS. 

25. SHIELDS USED TO PROTECT AGAINST INDUCED VOLTAGE FOR FREQUENCIES 
UP TO 50 KHz SHALL BE CONTINUOUS THROUGH ALL CONNECTIONS AND 
GROUNDED AT ONLY ONE END. 

26. . SHIELDS USED TO PROTECT AGAINST INDUCED VOLTAGE FOR FREQUENCIES 

ABOVE 50 KHz SHALL BE CONTINUOUS THROUGH ALL CONNECTIONS AND 
GROUNDED AT BOTH ENDS. 

27. WIRES AND CABLES SHALL NOT BE IDENTIFIED OR MARKED BY HOT 
STAMPING ON THE INSULATION. 

2.3 CONNECTORS 

28. ALL MATING PLUGS AND RECEPTACLES SHALL BE MARKED OR CODED TO 
CLEARLY INDICATE THE CORRECT MATING CONNECTION. 

29. ALL ADJACENT CONNECTORS SHALL BE SHAPED OR RESTRAINED SO THAT 
IT IS PHYSICALLY IMPOSSIBLE TO MISMATE. 

30. CONNECTORS WITH UNKEYED SYMMETRICAL PIN ARRANGEMENTS SHALL NOT 
BE USED. 

31. ONLY FEMALE CONNECTORS SHALL BE USED AS ACCESS TO SOURCES OF 
POWER. 


55 




SYSTEM SAFETY CHECKLIST - PART II 

GROUND SUPPORT EQUIPMENT AND FACILITY SYSTEMS DESIGN 
SECTION: 2.0 ELECTRICAL AND ELECTRONIC 

2.3 CONNECTORS (Cont.) 

32. ALL GROUND SUPPORT EQUIPMENT CABLES WHICH CONNECT TO PROTOTYPE 
OR FLIGHT HARDWARE SHALL HAVE CONNECTORS WHICH ARE INDIVIDUALLY 
SHAPED OR RESTRAINED SO THAT IT IS PHYSICALLY IMPOSSIBLE TO 
MISMATE OR CROSS-CONNECT EITHER END OF THE CABLE. 

33. POWER CIRCUITS AND SIGNAL CIRCUITS SHALL NOT BE ROUTED THROUGH 
THE SAME CONNECTOR IN ORDER TO MINIMIZE THE INTRODUCTION OF 
VOLTAGE TRANSIENTS INTO SIGNAL WIRING. 

34. ALL POWER RECEPTACLES AND CONNECTORS LOCATED IN OR USED WITH 
EQUIPMENT CONTAINING FLAMMABLE VAPOR OR LIQUIDS SHALL BE 
EXPLOSION PROOF. 

2.4 BATTERIES 

35. ALL WET CELL BATTERIES SHALL HAVE POSITIVE VENTING CAPABILITY 
FOR EACH CELL. 

36. ALL HERMETICALLY SEALED BATTERIES SHALL HAVE BLOWOUT PLUGS FOR 
PRESSURE RELIEF. 

37. ALL BATTERY VENT, BLOWOUT PLUGS AND RELIEF OUTLETS SHALL BE 
DESIGNED SO THAT BATTERY ELECTROLYTE CANNOT BE EJECTED FROM 
THE BATTERY. 

38. ALL BATTERY VENTS, BLOWOUT PLUGS AND RELIEF OUTLETS SHALL BE 
LOCATED TO PRECLUDE DAMAGE TO ADJACENT EQUIPMENT OR INJURY TO 
OPERATING PERSONNEL. 

39. BATTERIES SHALL HAVE DECALS OR MARKERS WHICH INDICATE THE TYPE 
OF ELECTROLYTE AND SPECIAL SAFETY PRECAUTIONS. 

2.5 CONTROL COMPONENTS 

40. ALL ELECTRICAL AND ELECTRONIC COMPONENTS LOCATED WITHIN 
CONSOLES, PANELS OR SIMILAR EQUIPMENT ENCLOSURES CONTAINING OR 
EXPOSED TO FLAMMABLE VAPORS OR LIQUIDS SHALL BE EXPLOSION 
PROOF. 

41. ALL SWITCHES SHALL BE CLEARLY MARKED OR LABELED TO INDICATE 
THE SYSTEM FUNCTION FOR EACH SWITCH POSITION. 
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2.5 CONTROL COMPONENTS 

42. ALL CIRCUIT BREAKERS OR SWITCHES USED TO CONTROL EQUIPMENT OR 
CIRCUITRY INTENDED FOR EMERGENCY PURPOSES SHALL HAVE POSITIVE 
PROTECTION AGAINST INADVERTENT OPERATION. 

43. ALL CIRCUIT BREAKERS OR SWITCHES USED TO CONTROL THE ARMING OF 
PYROTECHNIC DEVICES SHALL HAVE POSITIVE PROTECTION AGAINST 
INADVERTENT OPERATION. 

44. SELF-LATCHING FUNCTION SWITCHES SUCH AS PUSH-BUTTON SWITCH- 
INDICATORS WHICH MAY BE OPERATED WITHOUT INDICATING THE SWITCH 
POSITION DURING A POWER OFF PHASE SHALL NOT BE USED. 

45. ALL CIRCUITS (INCLUDING LATCHING RELAY CIRCUITS) SHALL BE 
PROTECTED AGAINST INADVERTENT OPERATION DUE TO VOLTAGE TRAN- 
SIENTS. 

46. TERMINAL LUGS AND INSULATED WASHERS USED WITH STUD-MOUNTED DIODES 
SHALL HAVE SUFFICIENT MATCHING SURFACE AREA TO INSURE THAT THE 
TERMINAL LUG WILL REMAIN INSULATED FROM THE MOUNTING STRUCTURE. 

47. POSITIVE MECHANICAL MEANS SHALL BE SPECIFIED IN THE DESIGN TO 
INSURE ADEQUATE CONTACT PRESSURE IS MAINTAINED AT STUD-MOUNTED 
DIODE CONNECTIONS. 

48. POSITIVE PROVISIONS SHALL BE SPECIFIED IN THE DESIGN TO PRECLUDE 
SEEPAGE OF CONFORMAL COATINGS INTO ELECTRICAL INTERFACES IN STUD- 
MOUNTED DIODE INSTALLATIONS. 

2.6 CONTROL FUNCTIONS 

49. REDUNDANT CONTROL CIRCUIT COMPONENTS SHALL BE INDEPENDENT OF 
THOSE COMPONENTS USED IN THE PRIMARY CONTROL CIRCUIT. 

50. PRIMARY AND REDUNDANT CONTROL CIRCUIT WIRING SHALL NOT BE 
ROUTED THROUGH THE SAME CABLE OR CONNECTOR. 

51. REDUNDANT CONTROL CIRCUITS SHALL INCLUDE A SELF-TEST OR CHECK- 
OUT CAPABILITY. 
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2.6 CONTROL FUNCTIONS (Cont.) 

52. 

ALL CURRENT CARRYING CONDUCTORS (POWER, CONTROL, SIGNAL AND 
RETURNS) CONNECTED TO FLIGHT HARDWARE SHALL HAVE CURRENT OVER- 
LOAD DEVICES FOR PROTECTION OF THE FLIGHT HARDWARE. 

53. 

NEGATIVE CONTROL OR SWITCHING IN THE POWER RETURN LEADS OF A 
COMPONENT SHALL NOT BE USED, UNLESS THE POSITIVE LEAD IS 
SWITCHED SIMULTANEOUSLY. 

54. 

SELF-TEST CIRCUITS SHALL INDICATE THE ACTUAL SYSTEM RESPONSE, 
RATHER THAN INDICATE ONLY THE INITIATION OF A COMMAND OR TEST 
SIGNAL. 

55. 

ALL SYSTEM INDICATORS USED TO MONITOR SYSTEM STATUS SHALL 
INDICATE THE ACTUAL SYSTEM RESPONSE RATHER THAN INDICATE ONLY 
THE INITIATION OF A COMMAND OR APPLICATION OF POWER. 

56. 

LOSS OF CONTROL CIRCUIT POWER SHALL NOT RESULT IN POWER LOSS 
TO DEVICES WHICH INDICATE RESPONSE OR CONFIGURATION STATUS OF 
CONTROLLED COMPONENTS (I.E. , POWER FOR INDICATORS OR INSTRU- \ 

MENTATION USED TO MONITOR VALVE POSITION, PRESSURE LEVELS, ETC., 
SHALL BE INDEPENDENT AND ISOLATED FROM FAILURES IN CONTROL 
CIRCUITS FOR THOSE VALVES OR SENSORS) . 


2.7 OVERLOAD PROTECTION 

57. 

ALL CIRCUIT BREAKERS LOCATED IN OR USED WITH EQUIPMENT CONTAIN- 
ING FLAMMABLE VAPORS OR LIQUIDS SHALL BE EXPLOSION PROOF. 

58. 

CIRCUIT BREAKERS SHALL PROVIDE A VISUAL INDICATION WHEN TRIPPED. 

59. 

CIRCUIT BREAKERS SHALL TRIP AND PROTECT THE CIRCUIT EVEN IF THE 
SWITCH LEVER IS PHYSICALLY HELD IN THE "ON" POSITION. 

1 

60. 

OVERLOAD PROTECTION DEVICES SHALL BE INSTALLED IN EACH UN- 
GROUNDED CONDUCTOR IN THREE (3) PHASE POWER SYSTEMS AND SHALL 
BE DESIGNED SO THAT ALL THREE (3) DEVICES TRIP SIMULTANEOUSLY. 

61. 

ALL ADJUSTABLE TYPE CIRCUIT BREAKER SETTINGS SHALL BE SPECIFIED 
IN THE DESIGN. 
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GROUND SUPPORT EQUIPMENT AND FACILITY SYSTEMS DESIGN 

SECTION: 2,0 ELECTRICAL AND ELECTRONIC 

2.7 OVERLOAD PROTECTION (Cont.) 

62. ALL CIRCUIT BREAKERS SHALL BE SIZED (OR SET) TO PROTECT THE 
SMALLEST WIRE WITHIN A CIRCUIT, INCLUDING ALL BRANCHES, WHICH 
DO NOT HAVE INDEPENDENT CIRCUIT PROTECTION. 

63. OVERLOAD PROTECTION DEVICES SHALL BE SIZED (OR SET) SO THAT THE 
COMBINATION OF CURRENT AND TIME AT WHICH THE DEVICE OPERATES 
WILL NOT CAUSE THE OPERATION OF UPSTREAM PROTECTIVE DEVICES. 

2.8 HAZARD DETECTION AND WARNING 

64. HAZARD DETECTION AND WARNING SYSTEMS SHALL BE POWERED FROM AN 
INDEPENDENT EQUIPMENT OR FACILITY POWER BUS. 

65. POWER LOSS TO HAZARD DETECTION SYSTEMS SHALL RESULT IN THE 
GENERATION OF AN ALARM. 

66. POWER-OFF ALARMS SHALL BE ENERGIZED BY AN INDEPENDENT POWER 
SOURCE. 

67. HAZARD DETECTION AND WARNING CIRCUITRY SHALL INCLUDE A MASTER 
ALARM RESET CAPABILITY TO PERMIT CONTINUED MONITORING FOR 
ADDITIONAL OUT-OF-TOLERANCE CONDITIONS WHICH MAY OCCUR AFTER AN 
INITIAL ALARM. 

68. HAZARD DETECTION AND WARNING SYSTEMS SHALL INITIATE AN AUDIBLE 
ALARM AND VISUAL INDICATION FOR ANY OUT-OF-TOLERANCE CONDITION. 

69. HAZARD DETECTION AND WARNING SYSTEMS SHALL INCLUDE A SELF-TEST 
OR CHECKOUT CAPABILITY. 
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3.1 GENERAL 

1. SYSTEMS SHALL BE DESIGNED TO MINIMIZE THE EFFECTS OF SHOCK WAVES 
OR -PRESSURE SURGES GENERATED BY SUDDEN CHANGES IN FLOW. 

2. ALL PRESSURE REGULATOR, FLOW CONTROL AND RELIEF DEVICE SETTINGS 
SHALL BE SPECIFIED IN THE DESIGN. 

3. ALL LIQUID AND GAS SYSTEMS SHALL BE DESIGNED TO PERMIT LEAK 
TESTING AT MAXIMUM DESIGN OPERATING PRESSURE AFTER INSTALLATION. 

4. PROOF TEST REQUIREMENTS FOR ALL COMPONENTS SHALL BE A MINIMUM 
OF 1.5 TIMES THE MAXIMUM PRESSURE AT WHICH THEY WILL BE REQUIRED 
TO OPERATE WITHIN THE SYSTEM. 

5. ISOLATION VALVES SHALL BE PROVIDED FOR INDEPENDENTLY CONTROL- 
LING LIQUIDS, GASES AND VACUUM BEING SUPPLIED TO EACH FLIGHT 
SUBSYSTEM, EXPERIMENT OR OTHER PAYLOAD DURING CHECKOUT OPERA- 
TIONS. 

6. ALL SEALED PANELS, CONSOLES OR SIMILAR ENCLOSURES WHICH CONTAIN 
LIQUID OR GAS SYSTEM COMPONENTS SHALL HAVE AUTOMATIC (FAIL-SAFE) 
PRESSURE RELIEF DEVICES. 

7. LINES SHALL BE PROVIDED FOR VENTING FLAMMABLE, TOXIC, ASPHYXIAT- 
ING OR NOXIOUS WASTE TO THE EXTERIOR OF THE CHECKOUT ENVIRONMENT. 

8. ALL VENT LINES AND RELIEF PORTS SHALL BE LOCATED SO ESCAPING 
LIQUID OR GASES WILL NOT BE HAZARDOUS TO PERSONNEL OR EQUIPMENT. 

9. LIQUID LINE INSULATION SHALL BE MADE OF NON-ABSORBENT MATERIALS. 

10. ALL PIPING AND COMPONENTS WITHIN EACH SYSTEM SHALL BE ELEC- 
TRICALLY CONTINUOUS OR BONDED ACROSS EACH CONNECTION (ALL PIPING 
SEGMENTS) AND SHALL BE GROUNDED TO REDUCE STATIC ELECTRICAL 
POTENTIAL. 

11. ALL MATERIALS INCLUDING SEALS, GASKETS AND LUBRICANTS SHALL BE 
COMPATIBLE WITH THE SYSTEM COMMODITY AND SHALL MEET THE CLEANliLI 
NESS LEVELS AND CONTAMINATION CONTROL REQUIREMENTS OF THE 
INTERFACING FLIGHT SYSTEM, EXPERIMENT OR OTHER PAYLOAD HARDWARE 
FOR WHICH THE MOST STRINGENT REQUIREMENTS HAVE BEEN ESTABLISHED. 

12. OXYGEN SYSTEMS OPERATING ABOVE 3000 PSI SHALL BE DESIGNED TO BE 
OPERATED REMOTELY. 
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3.1 GENERAL (Cont.) 

13. TITANIUM OR ITS ALLOYS SHALL NOT BE USED IN OXYGEN SYSTEMS. 

14. TITANIUM OR ITS ALLOYS SHALL NOT BE USED WITH METHANOL. 

15. DISSIMILAR METALS SHALL NOT BE USED IN COOLANT SYSTEM IF A 
GALVANIC CIRCUIT IS THEREBY ESTABLISHED WITH THE COOLANT ACTING 
AS ELECTROLYTE. 

16. ALL GROUND SUPPORT EQUIPMENT SUPPLYING LIQUIDS OR GASES TO 
FLIGHT SYSTEMS SHALL HAVE A FILTER INSTALLED AS THE LAST 
COMPONENT IN EACH SUPPLY LINE. 

17. FILTER HOUSINGS THAT ARE REQUIRED TO BE REMOVED FROM THE SYSTEM 
FOR ELEMENT REPLACEMENT SHALL NOT BE USED. 

18. FILTERS SHALL BE INSTALLED IN PUMP AND COMPRESSOR INLET LINES 
WITH PRESSURE INDICATORS ON EACH SIDE OF THE FILTER OR A 

. DIFFERENTIAL PRESSURE GAGE. 

19. PUMPS AND COMPRESSORS SHALL BE PROTECTED AGAINST DAMAGE BY USE 
OF PROTECTIVE DEVICES SUCH AS THERMAL OVERLOADS, BY-PASS RELIEF 
DEVICES, VIBRATION SENSITIVE CUT-OUT SWITCHES, PUMP SUCTION 
PRESSURE INTERLOCKS AND OVERSPEED CONTROLS. 

20. PUMP AND COMPRESSOR ELECTRICAL CONNECTORS SHALL BE CLEARLY 
IDENTIFIED TO PREVENT PHASE REVERSAL. 

21. ELECTRICAL OR ELECTRONIC COMPONENTS SUCH AS MOTORS, SENSORS, OR 
SWITCHES USED IN LIQUID OR GAS SYSTEMS SHALL BE INSTALLED WITH 
THE COMPONENT HOUSING EXTERNAL TO THE VESSEL OR PIPING CONTAINING 
THE LIQUID OR GAS. 

3.2 LINES 

22. ALL LINES AND FLEXIBLE HOSES SHALL HAVE A MINIMUM DESIGN BURST 
PRESSURE OF 4.0 TIMES THE MAXIMUM DESIGN OPERATING PRESSURE AT 
WHICH THEY WILL BE REQUIRED TO OPERATE WITHIN THE SYSTEM. 

23. ALL LINES USED IN FIXED APPLICATIONS SHALL BE FIRMLY SUPPORTED 
TO PROTECT AGAINST DAMAGE FROM MECHANICAL STRESS AND VIBRATION. 

24. ALL LINES USED IN FIXED APPLICATIONS SHALL BE INDEPENDENTLY 
CLAMPED. 
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3.2 LINES (Cont.) 

25. ALL LINES (FIXED OR FLEXIBLE) SHALL BE CLAMPED AND SUPPORTED AS 
CLOSE AS POSSIBLE TO LINE END FITTINGS AND CONNECTORS IN ORDER 
TO REDUCE MECHANICAL STRESS (INCLUDING SIDE LOADS) AND VIBRATION 
AT THE CONNECTION POINT. 

26. ALL RIGID LINES USED IN FIXED APPLICATIONS SHALL BE SUPPORTED 
AS CLOSE AS POSSIBLE AT EACH BEND IN THE LINE. 

27. ALL LINES INCLUDING FLEXIBLE HOSES USED IN FIXED APPLICATIONS 
SHALL BE CLEARLY MARKED TO INDICATE SYSTEM FUNCTION, CONTENT, 
MAXIMUM OPERATING PRESSURE AND DIRECTION OF FLOW. 

28. FLEXIBLE HOSE MATERIALS SHALL BE SELECTED FOR COMPATIBILITY WITH 
THE SERVICE COMMODITY. 

29. FLEXIBLE HOSES USED IN FIXED APPLICATIONS SHALL BE PROTECTED 
AGAINST ABRASION, CHAFING AND EXTREME TEMPERATURE CONDITIONS. 

30. FLEXIBLE HOSES SHALL HAVE A MINIMUM SLACK ALLOWANCE OF 5 PERCENT 
OF THE TOTAL HOSE LENGTH FOR ALL FIXED APPLICATIONS. 

31. ALL FLEXIBLE HOSES USED IN FIXED APPLICATIONS SHALL BE CLAMPED 
AND SUPPORTED TO REMAIN CLEAR OF SHARP EDGES AND MOVING PARTS. 

32. FLEXIBLE HOSES FOR USE IN TEMPORARY INSTALLATIONS SHALL HAVE 
PROVISIONS FOR ATTACHING HOSE RESTRAINTS ACROSS EACH CONNECTION. 

33. FLEXIBLE HOSES USED IN FIXED (PERMANENT) INSTALLATIONS SHALL 
INCORPORATE HOSE CONTAINMENT DEVICES TO RESTRAIN THE HOSE IN 
CASE OF RUPTURE. 

34. FLEXIBLE HOSE RESTRAINTS SHALL BE AT LEAST 50 PERCENT STRONGER 
THAN THE MAXIMUM CALCULATED IMPACT (FORCE) ON THE RESTRAINT DUE 
TO AN OPEN LINE (UNDER MAXIMUM OPERATING PRESSURE) MOVING 
THROUGH THE DISTANCE OF FLEXURE OF THE RESTRAINT, 

35. FLEXIBLE HOSES FOR USE IN TEMPORARY INSTALLATIONS SHALL HAVE 
ATTACHED TAGS OR PLACARDS TO INDICATE PROOF TEST PRESSURE, DATE 
OF LAST PROOF TEST AND REQUIRED RETEST INTERVALS. 

36. FLEXIBLE HOSES FOR USE IN TEMPORARY INSTALLATIONS SHALL BE 
CLEARLY MARKED TO INDICATE THE SYSTEM FUNCTION, CONTENT, AND 
MAXIMUM OPERATING PRESSURE. 
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3.2 LINES (Cont.) 

ALL FLEXIBLE HOSES SHALL HAVE ATTACHED TAGS, PLACARDS, OR 
SIMILAR IDENTIFICATION PROVISIONS TO CLEARLY INDICATE THE 
CORRECT MATING CONNECTION. 

3.3 FITTINGS, FLANGES AND CONNECTORS 

ADJACENT OR INCOMPATIBLE SYSTEM CONNECTORS OR FLANGED CON- 
NECTIONS SHALL BE KEYED OR SIZED SO IT IS PHYSICALLY IMPOSSIBLE 
TO CONNECT AN INCOMPATIBLE PRESSURE UNIT, COMMODITY OR PRESSURE 
LEVEL. 

ALL SYSTEM FITTINGS SHALL HAVE A MINIMUM DESIGN BURST PRESSURE 
OF 4.0 TIMES THE MAXIMUM DESIGN OPERATING PRESSURE AT WHICH 
THEY WILL BE REQUIRED TO OPERATE WITHIN THE SYSTEM. 

ALL FLANGED CONNECTIONS FOR FLEXIBLE HOSES TO BE USED IN 
TEMPORARY INSTALLATIONS SHALL BE PROVIDED WITH BLIND FLANGES 
(END PLATES) TO PROTECT AGAINST CONTAMINATION OR DAMAGE WHEN 
NOT IN USE. 

ALL METALLIC FITTINGS, SLEEVES AND CONNECTORS SHALL BE RESIS- 
TANT TO STRESS CORROSION. 

3.4 PRESSURE AND LIQUID VESSELS 


ALL PRESSURE VESSELS AND RESERVOIRS SHALL HAVE A MINIMUM DESIGN 
BURST PRESSURE OF 4.0 TIMES THE MAXIMUM DESIGN OPERATING PRES- 
SURE AT WHICH THEY WILL BE REQUIRED TO OPERATE WITHIN THE SYSTEM. 

INITIAL OPENINGS OF ALL PRESSURE VESSEL PRIMARY RELIEF DEVICES 
SHALL BE NO HIGHER THAN 110 PERCENT OF THE MAXIMUM DESIGN 
OPERATING PRESSURE OF THE VESSEL. 

ALL PRESSURE VESSELS AND RESERVOIRS SHALL HAVE AN ISOLATION 
SHUTOFF VALVE LOCATED AS THE FIRST COMPONENT DOWNSTREAM OF THE 
VESSEL AND AS CLOSE AS POSSIBLE TO THE VESSEL. 

ALL PRESSURE VESSELS SHALL HAVE A VALVE TO PERMIT CONTROLLED 
REDUCTION OF PRESSURE AS DESIRED. 

ALL PRESSURE VESSELS SHALL HAVE A POSITIVE PRESSURE INDICATING 
DEVICE. 
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3.4 PRESSURE AND LIQUID VESSELS (Cont.) 

47. ALL LIQUID VESSELS SHALL HAVE A LIQUID QUANTITY INDICATING 
DEVICE. 

48. ALL LIQUID VESSELS SHALL HAVE A DRAIN VALVE LOCATED AT THE 
LOWEST POINT SO THAT ALL LIQUID MAY BE DRAINED FROM THE VESSEL. 

49. ALL PRESSURE VESSELS SHALL BE CLEARLY MARKED OR LABELED TO 
IDENTIFY CONTENT AND OPERATING PRESSURE. 

50. ALL LIQUID VESSELS SHALL BE CLEARLY MARKED OR LABELED TO 
IDENTIFY COMMODITY AND CAPACITY. 

51. PORTABLE PRESSURIZATION OR PURGE SUPPLIES SHALL INCLUDE RACKS, 
HOLDERS, OR CARTS TO SECURE AND PROTECT THE PRESSURE BOTTLES, 
HAND VALVES AND REGULATOR ASSEMBLIES AGAINST DAMAGE. 

52. ALL CRYOGENIC LIQUID VESSELS SHALL BE THERMALLY INSULATED OR 
VACUUM JACKETED. 

3.5 PRESSURE RELIEF 

53. A PRESSURE RELIEF DEVICE SHALL BE LOCATED DOWNSTREAM OF ANY 
PRESSURE REGULATING DEVICE WHERE INPUT PRESSURE TO THE REGU- 
LATING DEVICE CAN EXCEED THE PROOF PRESSURE OF THE DOWNSTREAM 
SYSTEM (DOWNSTREAM SYSTEM INCLUDES COMPONENTS OR FLIGHT HARD- 
WARE UNDER ALL TEST OR OTHER OPERATING CONDITIONS) . 

54. THE INITIAL OPENING OF SYSTEM RELIEF VALVES SHALL BE NO HIGHER 
THAN 110 PERCENT OF THE UPSTREAM REGULATOR SETTING. 

55. PRESSURE RELIEF VALVES AND RELIEF VENT LINES SHALL BE SIZED TO 
EXCEED THE MAXIMUM FLOW CAPACITY OF THE UPSTREAM PRESSURE 
REGULATING DEVICE. 

56. REDUNDANT POSITIVE RELIEF CAPABILITY SHALL BE PROVIDED IN ALL 
GSE WHENEVER A GROUND SYSTEM PRIMARY RELIEF DEVICE MALFUNCTION 
COULD ALLOW FLIGHT SYSTEM PROOF PRESSURE LEVELS TO BE EXCEEDED. 

57. INITIAL OPENING OF REDUNDANT RELIEF DEVICES SHALL BE NO HIGHER 
THAN 125 PERCENT OF THE UPSTREAM REGULATOR SETTING OR NO HIGHER 
THAN PROOF PRESSURE LEVEL OF THE DOWNSTREAM SYSTEM OR VESSEL 
UNDER TEST, WHICHEVER IS THE LESSER. 
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3.5 PRESSURE RELIEF (Cont.) 

58. BREDUNDANT RELIEF DEVICES SHALL BE LOCATED IN THE SYSTEM SO AS 
NOT TO RENDER THE PRIMARY RELIEF DEVICE INEFFECTIVE (E.G. , 
SERIES INSTALLATION OF RELIEF VALVES) . 

59. WHERE RELIEF VALVES AND BURST DISCS ARE USED IN COMBINATION, 
RELIEF VALVES SHALL BE LOCATED UPSTREAM OF BURST DISCS. 

60. A RELIEF DEVICE SHALL BE LOCATED BETWEEN ANY RESTRICTOR ORIFICE 
INSTALLATION AND THE UPSTREAM PRESSURE REGULATING DEVICE, IF 
FAILURE OF THE REGULATOR WOULD RESULT IN OVERPRESSURE ABOVE 
PROOF LEVEL. 

61. ONLY NONCHATTERING RELIEF DEVICES SHALL BE USED. 

62. ALL SYSTEM VENT VALVES SHALL BE DESIGNED TO FAIL OPEN. 

63. ALL SYSTEM RELIEF VALVES SHALL BE DESIGNED TO FAIL OPEN. 

64. ALL SYSTEM VENT VALVES SHALL BE CLEARLY MARKED TO INDICATE 
COMPONENT NUMBER AND SYSTEM FUNCTION. 

65. ALL SYSTEM RELIEF DEVICES SHALL BE CLEARLY MARKED TO INDICATE 
COMPONENT NUMBER, SYSTEM FUNCTION, OPERATING PRESSURE SETTING, 
LATEST TEST DATE AND RETEST INTERVAL. 

3.6 VALVES, REGULATORS AND CONTROL DEVICES 

66. REGULATORS USED FOR STEP REGULATION SHALL OPERATE WITHIN THE 
CENTER 50 PERCENT OF THEIR TOTAL RANGE. 

67. MANUALLY OPERATED VALVES SHALL NOT BE USED TO BY-PASS PRESSURE 
REGULATORS OR FLOW CONTROL DEVICES. 

68. PRESSURE REGULATORS SHALL HAVE INPUT AND OUTPUT GAGES LOCATED 
AS CLOSE AS POSSIBLE TO THE REGULATOR. 

69. ONLY NONCHATTERING REGULATORS SHALL BE USED IN OXYGEN PRES- 
SURIZATION SYSTEMS. 

70. ALL SYSTEM VALVES AND REGULATING DEVICES SHALL BE IDENTIFIED 

BY COMPONENT NUMBER, SYSTEM FUNCTION AND DIRECTION OF OPERATION. 
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3.6 VALVES. REGULATORS AND CONTROL DEVICES (Cont.) 

71. ALL ADJUSTABLE PRESSURE CONTROL DEVICES SHALL HAVE MARKINGS TO 
INDICATE THE DIRECTION OF PRESSURE INCREASE AND DECREASE 
ADJUSTMENT. 

72. THE MAXIMUM SYSTEM OPERATING PRESSURE DELIVERED BY EACH REGU- 
LATOR SHALL NOT BE GREATER THAN 75 PERCENT OF THE MAXIMUM 
PRESSURE REGULATION CAPABILITY OF THE REGULATOR. 

73. VENT OR BLEED VALVES SHALL BE LOCATED IN THE SYSTEM WHENEVER 
LIQUIDS OR PRESSURE COULD BE TRAPPED BETWEEN COMPONENTS. 

74. SHUTOFF VALVES SHALL NOT BE INSTALLED IN SERIES WITH RELIEF 
VALVES UNLESS A BURST DISC OR OTHER POSITIVE RELIEF DEVICE IS 
INSTALLED IN PARALLEL. 

75. ONLY SLOW OPENING AND CLOSING VALVES WITH NONROTATING POPPETS 
SHALL BE USED IN OXYGEN SYSTEMS. 

76. CHECK VALVES SHALL BE LOCATED IN PRESSURE SYSTEMS TO MINIMIZE 
DOWNSTREAM PRESSURE LOSS RESULTING FROM LOSS OF SOURCE PRESSURE. 

77. LOCKING PINS OR SIMILAR DEVICES SHALL BE INCLUDED IN THE DESIGN 
OF ALL LIQUID AND GAS SYSTEMS TO PROVIDE POSITIVE PROTECTION 
AGAINST INADVERTENT OPERATION OF ALL MANUAL LEVER OPERATED 
VALVES. 

78. ■ CHECK VALVES SHALL BE USED TO ISOLATE PARALLEL SUPPLY SYSTEMS 

OR PRESSURE VESSELS WHICH CAN BE USED TO SERVICE A COMMON 
DOWNSTREAM SYSTEM. 

79. CHECK VALVES SHALL BE USED TO ISOLATE PARALLEL VENT LINES EACH 0] 
WHICH VENTS INTO A COMMON MANIFOLD. 

3.7 GAGES AND INDICATORS 

80. PRESSURE GAGES SHALL BE INSTALLED IN THE SYSTEM TO PROVIDE 
VISUAL MONITORING CAPABILITY FOR EACH LEVEL OF SYSTEM PRESSURE. 

81. ALL DIRECT PRESSURE READOUT GAGES SHALL BE EQUIPPED WITH 
SHATTERPROOF GLASS. 
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3.7 GAGES AND INDICATORS (Cont.) 

82. ALL DIRECT PRESSURE READOUT GAGES SHALL HAVE BLOWOUT PLUGS 
WHICH ARE PROPERLY SIZED TO SAFELY RELIEVE THE GAGE AT MAXI- 
MUM DESIGN OPERATING PRESSURE AND FLOW CAPACITY (BASED ON THE 
DIAMETER OF THE INLET TO THE GAGE) IN EVENT OF INTERNAL GAGE 
FAILURE. 

83. ALL PANELS OR PLATES USED TO MOUNT PRESSURE GAGES SHALL INCOR- 
PORATE HOLES OF SUFFICIENT SIZE TO ELIMINATE IMPAIRMENT OF 
BLOW-OUT PLUG OPERATION. 

84. THE INSTALLATION OF ALL DIRECT PRESSURE READOUT GAGES INCOR- 
PORATING BLOW-OUT PLUGS SHALL BE DESIGNED SO THAT THE DIRECTION 
OF DISCHARGE OF THE BLOW-OUT PLUG WILL NOT RESULT IN SUBSEQUENT 
DAMAGE TO ADJACENT EQUIPMENT OR INJURY TO PERSONNEL. 


67 




SYSTEM SAFETY CHECKLIST - PART II 
GROUND SUPPORT EQUIPMENT AND FACILITY SYSTEMS DESIGN 
SECTION: 4.0 HANDLING, TRANSPORTATION, STORAGE l PROTECTIVE EQUIPT. 

4.1 GENERAL 

1. handling and transportation equipment shall include provisions 

FOR PROTECTING SHOCK SENSITIVE FLIGHT EQUIPMENT FROM SHOCK OR 
VIBRATION LOADS IN EXCESS OF FLIGHT LIMITS. 

2. HANDLING AND TRANSPORTATION EQUIPMENT SHALL INCLUDE PROVISIONS 
FOR PROTECTING SHOCK SENSITIVE GROUND EQUIPMENT WHICH DOES NOT 
HAVE SHOCK MOUNTING PROVISIONS. 

3. PROOF-LOAD DIAGRAMS SHALL BE INCORPORATED IN THE DESIGN OF ALL 
LIFTING AND HANDLING EQUIPMENT TO INDICATE TEST POINTS AND 
METHODS REQUIRED FOR PROOF TEST. 

4. LOAD TEST REQUIREMENTS SHALL BE SPECIFIED IN THE DESIGN FOR 
STANDS, LADDERS, HOISTS, SLINGS, AND HANDLING EQUIPMENT. 

5. TENSION AND TORQUE REQUIREMENTS SHALL BE SPECIFIED FOR TIE-DOWN 
DEVICES. 

6. WHEN NICOPRESS SLEEVES, CLAMPS OR SIMILAR COMPRESSION TYPE 
DEVICES ARE USED ON WIRE ROPE, AT LEAST TWO DEVICES SHALL BE 
USED TO ATTACH EACH HOOK , LINK, LOOP EYE, ETC. 

7. PROTECTIVE COVERS DESIGNED FOR THE PROTECTION OF FLIGHT AND GSE 
HARDWARE SHALL BE FLAME RESISTANT. 

8. SHIPPING CONTAINERS AND PROTECTIVE COVERS SHALL BE CONSPICU- 
OUSLY MARKED TO IDENTIFY SPECIAL INSTRUCTIONS SUCH AS STEP, 
NO-STEP, HOISTING POINT, LIFTING POINT, CENTER OF GRAVITY, 

THIS SIDE UP, FOLD LINE, ETC. 

9. SHIPPING CONTAINERS AND PROTECTIVE COVERS DESIGNED FOR THE 
PROTECTION OF FLIGHT AND GSE HARDWARE SHALL DISSIPATE STATIC 
ELECTRICITY. 

10. TIEDOWNS SHALL HAVE POSITIVE LOCKING DEVICES. 

4.2 TRANSPORTATION 

11. TRANSPORTATION EQUIPMENT USED TO TRANSPORT EQUIPMENT SENSITIVE 
TO SHOCK OR ACCELERATION SHALL INCLUDE INSTRUMENTS THAT RECORD 
ACCELERATION ALONG THREE AXES WITH RESPECT TO TIME. 
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4.2 TRANSPORTATION (Cont.) 

.2. TOWED VEHICLES SHALL HAVE PERMANENTLY ATTACHED SAFETY CHAINS 
CAPABLE OF HOLDING THE VEHICLE IN EVENT OF TOWBAR OR HITCH 
FAILURE. 

3. HINGE TYPE TOWBARS SHALL HAVE A POSITIVE LOCKING DEVICE FOR 
STOWAGE IN THE RAISED POSITION WITH A STOP TO PREVENT CONTACT 
WITH THE LOAD ON THE VEHICLE. 

4. TRANSPORTING DEVICES SHALL HAVE TIEDOWN PROVISIONS FOR SECURING 
EQUIPMENT. 

< 

5. BRAKING AND WHEEL LOCKING DEVICE CONTROLS ON TOWED MOBILE 
EQUIPMENT SHALL BE PROTECTED AGAINST INADVERTENT OPERATION. 

6. ALL TRANSPORT TRUCKS AND SUPPORT EQUIPMENT VANS SHALL BE 
PROVIDED WITH FIRE EXTINGUISHERS. 

7. ALL TRANSPORTATION EQUIPMENT SHALL DISPLAY A LOAD LIMIT PLACARD. 

4.3 LIFTING EQUIPMENT 


LIFTING EQUIPMENT INCLUDING INDIVIDUAL SLINGS, CABLES AND 
SIMILAR DEVICES SHALL EACH HAVE A METAL TAG OR PLACARD DIS- 
PLAYING THE LOAD LIMIT, PROOF LOAD, DATE OF LAST PROOF TEST 
AND RETEST INTERVAL. 

LIFTING DEVICES SHALL HAVE A POSITIVE MECHANICAL LOCKING DEVICE 
TO PREVENT INADVERTENT LOWERING OF THE LOAD IN THE EVENT OF 
LIFTING MECHANISM FAILURE. 

LIFTING EQUIPMENT SHALL HAVE PERMANENT MECHANICAL STOPS TO 
PRECLUDE EXCEEDING DESIGN LIMITATIONS SUCH AS BOOM ANGLE OR 
TRAVERSE LIMITS WHICH COULD OVERLOAD THE BOOM OR OVERTURN A 
MOBILE CRANE. 

ADJUSTABLE LIFTING FIXTURES OR OTHER DEVICES USED WITH LIFTING 
EQUIPMENT SHALL HAVE POSITIVE MECHANICAL STOPS WHICH ARE PER- 
MANENTLY INSTALLED (E.G., RIVETED RATHER THAN FIXED BY SET 
SCREWS) TO PREVENT INADVERTENT DISASSEMBLY WHILE BEING ADJUSTED; 
THE DESIGN SHALL SPECIFY THAT INSTALLATION OF SUCH STOPS SHALL 
BE MANDATORY INSPECTION POINTS. 



69 



SYSTEM SAFETY CHECKLIST - PART II 

GROUND SUPPORT EQUIPMENT AND FACILITY SYSTEMS DESIGN 

SECTION: 4.0 HANDLING, TRANSPORTATION, STORAGE & PROTECTIVE EQUIPT. 


4.3 LIFTING EQUIPMENT (Cont.) 1 

22. 

AN AUTOMATIC BRAKING OR STOP FEATURE SHALL BE INCORPORATED ON i 

ALL LIFTING MECHANISM CABLE DRUMS. 

23. 

ELECTRICALLY POWERED LIFTING MECHANISMS SHALL HAVE INDEPENDENT 
MECHANICAL AND ELECTRICAL BRAKE SYSTEMS. 

24. 

BRAKING SYSTEMS SHALL BE CAPABLE OF BRAKING AND SAFELY HOLDING A 
MINIMUM OF 150 PERCENT OF THE RATED LOAD. 

25. 

CABLES ON LIFTING EQUIPMENT SHALL BE POSITIVELY SECURED TO THE 
TAKE-UP DRUM AND SHALL HAVE A MINIMUM OF FOUR FULL WRAPPINGS 
AROUND THE DRUM WHEN THE EQUIPMENT IS AT A MAXIMUM EXTENDED 
POSITION. 

26. 

SLINGS SHALL BE DESIGNED FOR A SPECIFIC OPERATION, 

27. 

HOOKS FOR LIFTING EQUIPMENT, INCLUDING HOOKS USED ON SLINGS AND 
CABLES, SHALL INCORPORATE POSITIVE SAFETY LATCHING DEVICES 
ACROSS THE HOOK OPENING. 

CO 

CN 

SLING CABLES SHALL BE OF SUFFICIENT LENGTH SO THE ANGLE FORMED | 
BY THE SLING CABLES AT THE POINT OF THE ATTACHMENT TO THE \ 
LIFTING DEVICE (E.G., CRANE CABLE HOOK) WILL NOT EXCEED 45°. 


4.4 CRADLES, STANDS, AND SUPPORT DEVICES 

29. 

CRADLES OR SUPPORT DEVICES SHALL CONFORM TO THE SHAPE, SIZE, 
WEIGHT, AND CONTOUR OF THE LOAD TO BE TRANSPORTED. 

30. 

LOAD BEARING SURFACES ON CRADLE AND SUPPORT DEVICES SHALL HAVE 
SUFFICIENT BEARING AREA TO SUPPORT THE LOAD. 

31. 

LOAD BEARING SURFACES ON CRADLES OR SUPPORT DEVICES SHALL HAVE 
PADDING TO PROTECT THE LOAD FROM DAMAGE. 

32. 

THE EMPTY WEIGHT OF CRADLES AND SIMILAR SUPPORT DEVICES AND 
THEIR LOAD CAPACITY SHALL BE DISPLAYED ON THE DEVICE. 

33. 

CRADLES AND SUPPORT DEVICES SHALL INCORPORATE PROVISIONS FOR 
ATTACHMENT OF TIEDOWNS (E.G. , CABLES, STRAPS), FOR SECURING 
EQUIPMENT. 
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4.4 CRADLES, STANDS, AND SUPPORT DEVICES (Cont.) 

TIEDOWN PROVISIONS SHALL BE INCLUDED FOR SECURING CRADLES OR 
SUPPORT DEVICES TO TRANSPORTATION EQUIPMENT. 

CRADLES AND SUPPORT DEVICES SHALL HAVE SLING EYES OR OTHER 
LIFTING PROVISIONS. 

GUIDELINES SHALL BE LOCATED ON CRADLES TO MATCH GUIDELINES ON 
SPECIAL LOADS, AND SHALL BE VISIBLE AFTER EQUIPMENT IS IN PLACE. 

37 . ALL HOIST POINTS SHALL BE CONSPICUOUSLY IDENTIFIED ON ALL 
CRADLES . 

38. ALL PLATFORMS AND SUPPORT STANDS SHALL HAVE GUARDRAILS, GATES 
WITH LATCHES, AND TOE BOARDS. 

39. HANDRAILS SHALL BE CONTINUOUS AT CHANGES IN LEVEL AND AT ALL 
OTHER TRANSITION POINTS. 

40. LADDERS USED WITH SUPPORT STANDS OR PLATFORMS SHALL HAVE 
ATTACHED PINS OR OTHER LOCKING DEVICES FOR POSITIVE ATTACHMENT 
TO THE STANDS OR PLATFORM. 

41. ALL SUPPORT STANDS, PLATFORMS AND LADDERS SHALL DISPLAY A 
PLACARD TO IDENTIFY THE LOAD CAPACITY. 

42. ALL SUPPORT STANDS, LADDERS AND PLATFORMS USED WITHIN, ON OR 
ADJACENT TO FLIGHT HARDWARE (INCLUDING SUCH EQUIPMENT AS CON- 
TOURED PLATFORMS USED ON TANK DOMES) SHALL BE PADDED TO PROTECT 
THE FLIGHT EQUIPMENT. 

43. ALL SUPPORT EQUIPMENT USED FOR INTERNAL ACCESS TO, OR WITH 
FLIGHT MODULES SHALL INCLUDE PROTECTION FOR MATING SURFACES , 

HATCH SEALING SURFACES AND SIMILAR PENETRATIONS OR OPENINGS 
ALONG THE ACCESS ROUTE. 

44. PROTECTIVE COVERS SHALL BE PROVIDED FOR ALL MATING SURFACES, 

HATCH SEALING SURFACES AND SIMILAR ACCESS OPENINGS TO PROTECT 
FLIGHT HARDWARE DURING GROUND OPERATIONS, INCLUDING THE INSTALLA- 
TION OF EQUIPMENT INTO FLIGHT MODULES AND MOVEMENT ALONG INTERNAL 
ACCESS ROUTES. 

COMBUSTIBLE MATERIALS SHALL NOT BE USED IN THE DESIGN OF STANDS 
PLATFORMS, LADDERS, ETC. 
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SYSTEM SAFETY CHECKLIST - PART II 

GROUND SUPPORT EQUIPMENT AND FACILITY SYSTEMS DESIGN 
SECT ION: 4.0 HANDLING, TRANSPORTATION, STORAGE l PROTECTIVE EQUIPTS 

4.5 SHIPPING AND STORAGE CONTAINERS 

46. ALL SKIDS, PALLETS AND SHIPPING CONTAINERS SHALL BE CLEARLY 
MARKED OR LABELED TO IDENTIFY HOISTING POINTS. 

47. ALL CONTAINERS FOR SHOCK SENSITIVE EQUIPMENT SHALL HAVE 
NONRESETTING G-LOAD METERING DEVICES. 

48. ALL METAL SHIPPING CONTAINERS SHALL HAVE GROUNDING PROVISIONS. 

49. CENTER-OF-GRAVITY SHALL BE CONSPICUOUSLY IDENTIFIED ON ALL 
SHIPPING AND STORAGE CONTAINERS. 

50. SHIPPING AND STORAGE CONTAINERS FOR PYROTECHNIC DEVICES SHALL 
MAINTAIN THE SAME MOISTURE TEMPERATURE, VIBRATION AND SHOCK 
ENVIRONMENT AS SPECIFIED FOR THE OPERATING ENVIRONMENT OF THE 
DEVICE. 

51. SHIPPING AND STORAGE CONTAINERS FOR PYROTECHNIC DEVICES SHALL 
HAVE GROUNDING PROVISIONS WHICH ARE CLEARLY MARKED. 
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information in this report has been reviewed, for security 
classification* Review of any information concerning Department of 
Defense or Atomic Energy Commission programs has been made by the 
MSFC Security Classification Officer. This report, in its entirety, 
has been determined to be unclassified. 

This document has also been reviewed and approved for technical 
accuracy. 


Thomas E. Kinser, Deputy Manager 
Test, Reliability, Quality Assurance 
and Safety Office 



Rein Ise, Manager 
Skylab Program Office 
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